migrate to clan

2025-05-16 15:46:47 +02:00
parent f817ba1405
commit f1ec59c3af
60 changed files with 225 additions and 391 deletions
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -0,0 +1,82 @@
+{
+  inputs,
+  modulesPath,
+  config,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    # ./radicle.nix
+    ../../system
+    inputs.clan-core.clanModules.state-version
+    ../../modules/remote-builder.nix
+    ../../modules/borgbackup.nix
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  networking.hostName = "crocus";
+  clan.core.networking.targetHost = "root@crocus.local";
+
+  networking.useDHCP = false;
+  systemd.network.enable = true;
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "enp1s0";
+    networkConfig.DHCP = "ipv4";
+    address = [
+      "2a01:4f8:1c1e:e415::1/64"
+    ];
+    routes = [
+      { Gateway = "fe80::1"; }
+    ];
+  };
+
+  services.avahi.enable = true;
+
+  disko.devices.disk.main.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082";
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  services.prometheus = {
+    enable = true;
+    port = 9001;
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+        port = 9002;
+      };
+    };
+
+    scrapeConfigs = [
+      {
+        job_name = "crocus";
+        static_configs = [
+          {
+            targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+          }
+        ];
+      }
+    ];
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "admin@rpqt.fr";
+  };
+}
--- a/machines/crocus/disko.nix
+++ b/machines/crocus/disko.nix
@@ -0,0 +1,42 @@
+{
+  clan-core,
+  config,
+  ...
+}:
+let
+  suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
+in
+{
+  imports = [ clan-core.clanModules.disk-id ];
+
+  disko.devices.disk.main = {
+    name = "main-" + suffix;
+    type = "disk";
+    content = {
+      type = "gpt";
+      partitions = {
+        boot = {
+          type = "EF02";
+          size = "1M";
+        };
+        ESP = {
+          type = "EF00";
+          size = "512M";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        };
+        root = {
+          size = "100%";
+          content = {
+            type = "filesystem";
+            format = "ext4";
+            mountpoint = "/";
+          };
+        };
+      };
+    };
+  };
+}
--- a/machines/crocus/radicle.nix
+++ b/machines/crocus/radicle.nix
@@ -0,0 +1,21 @@
+{ config, keys, ... }:
+{
+  services.radicle = {
+    enable = true;
+    privateKeyFile = config.age.secrets.radicle-private-key.path;
+    publicKey = keys.services.radicle;
+    node = {
+      openFirewall = true;
+    };
+    httpd = {
+      enable = true;
+      nginx = {
+        serverName = "radicle.rpqt.fr";
+        enableACME = true;
+        forceSSL = true;
+      };
+    };
+  };
+
+  age.secrets.radicle-private-key.file = ../../secrets/radicle-private-key.age;
+}