hosts (srv-eval-1): Bootstrap evaluation host

britter · Sep 28, 2024 · d0d8344 · d0d8344
1 parent 4766fe7
commit d0d8344
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 1 deletion.
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        configuration: ["pulse-14", "srv-prod-1", "srv-prod-2", "srv-test-1", "srv-test-2"]
+        configuration: ["pulse-14", "srv-prod-1", "srv-prod-2", "srv-test-1", "srv-test-2", "srv-eval-1"]
     steps:
       - name: Free disk space
         uses: jlumbroso/free-disk-space@main

diff --git a/.sops.yaml b/.sops.yaml
@@ -4,6 +4,7 @@ keys:
   - &srv-prod-2 age1azlfwa6wlup8vc9vjqhn2nv8hnpphrg5f0chyhn8xq63tv54zyjsr8yng2
   - &srv-test-1 age1gnt60tjm9k8v25a3cs8yhtrq5xnrgylvmxwyhkglq2c5lq0q2fcs4slgkx
   - &srv-test-2 age1jafz4xf567lgtcqv7lwxl7np0gf332yedghdlxgcxd0lfqmtxd2qpg0p4x
+  - &srv-eval-1 age15vkuesucjf60x8dcfyre4aus4djyxamsk20ce2u7nrprml2j533qcsc7pd
   - &directions age1tqwmx8ge4fxkj2l8sfam94eg52km2w3dqjgazjez46m4ywln7qls0unsdw
 creation_rules:
   - path_regex: systems/x86_64-linux/srv-prod-1/secrets\.yaml$
@@ -26,6 +27,11 @@ creation_rules:
       - age:
         - *pulse-14
         - *srv-test-2
+  - path_regex: systems/x86_64-linux/srv-eval-1/secrets\.yaml$
+    key_groups:
+      - age:
+        - *pulse-14
+        - *srv-eval-1
   - path_regex: systems/aarch64-linux/directions/secrets\.yaml$
     key_groups:
       - age:

diff --git a/modules/nixos/homelab/default.nix b/modules/nixos/homelab/default.nix
@@ -42,5 +42,11 @@
         default = "192.168.178.222";
       };
     };
+    srv-eval-1 = {
+      ip = lib.mkOption {
+        type = lib.types.str;
+        default = "192.168.178.231";
+      };
+    };
   };
 }
diff --git a/systems/x86_64-linux/srv-eval-1/configuration.nix b/systems/x86_64-linux/srv-eval-1/configuration.nix
@@ -0,0 +1,26 @@
+{...}: {
+  imports = [
+    ../../../modules/nixos
+  ];
+
+  my = {
+    host = {
+      role = "server";
+    };
+    modules = {
+      proxmox-vm.enable = true;
+      disko = {
+        enable = true;
+        bootDisk = "/dev/sda";
+      };
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/systems/x86_64-linux/srv-eval-1/secrets.yaml b/systems/x86_64-linux/srv-eval-1/secrets.yaml
@@ -0,0 +1,31 @@
+acme:
+    cloudflare-dns-api-token: ENC[AES256_GCM,data:iaiSY/uXMCfxxGOaXqY8BwTsi6OqtpAWR69G2Sxh/zyFaWjTmwOHuA==,iv:XTISwkabnqOffYqU2C7o+QTZaTPedLfvvP8XZHn+WQs=,tag:ag7LA2Co6kCLNdM6tA8lDg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age18mrc4ttzg8xldevwfvtxqd0942hlv2az75l060flc4c0tqnmkaus0ueqpl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubEN5MkRBaDM5aStTK2Vz
+            dTJMWFFUdHBFVmN0NmR5S1h0Z1hZN255M3lZCmlTLzFBNk1MRldCMG9OYjhZREhL
+            NjZ0Uk5EOFhCdWJyK21qSHhEMmViVVEKLS0tIEg5aGVVV3J5OWxENGRDdDJlVndj
+            OGs1bG50a3NPVGt4V0dnZjB3enhRMFkKAZDMtyNPl/QAEx5K+Ss9dNg9dUcVPn+4
+            yBZHw3jvvS3QpaiL5RXjo52qHe4NIqU4iWuJ61qtblckOM07JKSEzw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15vkuesucjf60x8dcfyre4aus4djyxamsk20ce2u7nrprml2j533qcsc7pd
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObktjWnVPYWlwdyt6bkxB
+            MURWS3BrU3I1aXFYTEdjYlpEZCtTTFJsRm5RCjV6Y0ZxcDJsclBBNm15SkNUcnM5
+            WEFmdS9rTUZrS1FCQzhuUEV0U0FsSEUKLS0tIDE3aklWcDRKYmg0dWpObmVQaEV6
+            U1FhSmxBQlpzWE1VUU9tWG1lV1R0aEkKC9ohS9DDvFqqZxWl+GjSudmX5v2aMqwW
+            uKB1CKmSv3VIg+cgnIE69/fxVj/FV+Zk/3gC25z38ZvcbcfzFO3t7g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-28T09:26:11Z"
+    mac: ENC[AES256_GCM,data:cFLf1Jywgwm8lIXPR9McvLHcsnWOwMCw9CtOpbd1UKY1uye2wK2M0SNQWeHT9K0usj569HvrAAoEfNRkFt5XgcNAEyQhUC7tGVelbMMbiH53icjbNmdt8mPMw8c7H2P6PPvJ2FFuViohXBkRbmyarWB0+zr9/Us3Y0OMSkxm7Cs=,iv:UCNgnJ0gjSP35Omw+N+2DSIA1I9bX6P+NJVB3ukw/FI=,tag:mf0LVsbYQBZQJFxnInVsMg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1