lander/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: use mkHetznerMachine for db-01

Browse source 
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
This commit is contained in:
Lander Van den Bulcke 2025-09-19 17:49:16 +02:00
parent 3aa3570617
commit 89857b9978
Signed by: lander
GPG key ID: 0142722B4B0C536F
6 changed files with 39 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -37,6 +37,12 @@ creation_rules:
- *db-01 - *db-01
pgp: pgp:
- *lander - *lander
- path_regex: hosts/servers/db-01.yaml
key_groups:
- age:
- *db-01
pgp:
- *lander
- path_regex: hosts/hosting-01/secrets.yam?l$ - path_regex: hosts/hosting-01/secrets.yam?l$
key_groups: key_groups:
- age: - age:

8
flake.nix
View file

@ -126,12 +126,8 @@
}; };
# servers # servers
db-01 = nixpkgs.lib.nixosSystem { db-01 = hetzner.mkHetznerMachine "db-01" {
system = "aarch64-linux"; ipv6Address = "2a01:4f8:c012:15d4::/64";
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/db-01
];
}; };
hosting-01 = nixpkgs.lib.nixosSystem { hosting-01 = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";

52
hosts/db-01/disk-config.nix
View file

@ -1,52 +0,0 @@
{
lib,
disks ? [ "/dev/sda" ],
...
}:
{
disko.devices = {
disk = lib.genAttrs disks (disk: {
device = disk;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "256M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
main = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # override existing partition
subvolumes = {
"/" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};
};
};
};
};
});
};
}

30
hosts/db-01/secrets.yaml
View file

@ -1,30 +0,0 @@
restic-environment: ENC[AES256_GCM,data:c8Ksx+QSpiIDhTlCfjT8q6eXcvUxcZleDbux0qO/3WIXCa6BH+CjpT/0vScUZofZS0GTMfwfp2KOdqjgmYrWMaUS2nDbG5/PCMZNwp45KwC5qIQ2NH5RT6L9Eli+QNsDmEcQKptX,iv:s0pKkKtI544isCTVPKOO2vM0yJV8DlelIEHGL4t50+w=,tag:ekPvAIALsu8HuEBky8gUug==,type:str]
restic-password: ENC[AES256_GCM,data:u1xmMLCTwTcTwNysIr1RpuAL+kL4zKd6ZA==,iv:VUw/nKj+7WDidPqVMshtlo3Fs0yo1/QmGWR+Zbil0s0=,tag:kmJYIl+WDwElvSvMbQ1xmg==,type:str]
restic-repository: ENC[AES256_GCM,data:KQzrOhXuJ2vn7y3fyAqLbPgHqaCfnOlguUlhuFry11Ap3rKgyIy+QHa4z/akeigJsg==,iv:VFpi3GXU/jXlIBMCXDzZ7Jrc05/42Ur1K7lJXOAJJ1w=,tag:d4P0cOwFvoHa21UGakT1mQ==,type:str]
sops:
age:
- recipient: age1a5zz4cyda0aqh0hgf8svpyh9ktwy6z5x3gnnu5ysvpvek9rn03csx7dyqn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCY0tVQk5tdUZJa2h6Q3Yy
QWxjaUVnZ3ZRZzhSbW42VVpVSHRZUXlSdmlrCk9iTllWeno5d3ZScjdxZGM3ZmlX
MnRWNWI3NHhWbmFUa3hvYVJ4WU5pa0kKLS0tIENHaG1YUTBRaE02Nkx6eDExcEhO
Qyt4M05FMnZubkN1Rk8ybFVCSjh5aEkKb40hoPGE7nHaL1CiYnoLo1QVZj91qSCk
XvfItL+ATREgjUDlc0zV0/Ps/XFL6wkyPASHIfkO+q1VSwSTMLNGlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-19T14:03:15Z"
mac: ENC[AES256_GCM,data:tI8I3DwAwdfZEkzU1QldMEQjy7qUvyy6mCAifMxe7/63l2/zJ02T2AhRHbIbbcQdwj3oSshopucyTU65q7PZWEkrkxfIaZSHyMi3xkgQXIvVeD5KRLpw3G242ae2EFSL+3D+hrnaOBEUb4rtXrTlsBcIEsPSeVgK7ySNBfBnUj0=,iv:sCfLTRQlrSQLDkWsdQhefL9mOkqlkMCRQiHY747tt88=,tag:JLPUqOSYcjYfCETbWPgG0g==,type:str]
pgp:
- created_at: "2025-09-19T14:03:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DARdpY4woM6wSAQdAZBTYQrGKSh9Al/PomMw4FrqT+Z6FdqDP+SWHgMCMmE8w
d3kiCOBTs4IETttl+o0ZqZ0bR7QHI0NUOAlWdopI2m6dDGl7WDGxVMxbokpK+3ot
0l4BtsYlAvcJKrBRAY+/lgwYkxeaJwfXtqK7FdrpRv+criLyDn9T95TVz4Ss2zhe
rzkQS/NaX7CY7JhEwyPqENwHWKBw6x8GEKTdpPEL7Mi/OSKbjWUYn02mMkCtGQU3
=uMmY
-----END PGP MESSAGE-----
fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92
unencrypted_suffix: _unencrypted
version: 3.10.2

16
hosts/db-01/default.nix → hosts/servers/db-01.nix
View file

@ -1,19 +1,5 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
./disk-config.nix
{
_module.args.disks = [ "/dev/sda" ];
}
../common/servers
];
time.timeZone = "Europe/Berlin";
networking.hostName = "db-01";
networking.nameservers = [ "8.8.8.8" ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableTCPIP = true; enableTCPIP = true;
@ -79,7 +65,7 @@
}; };
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./db-01.yaml;
secrets = { secrets = {
restic-environment = { restic-environment = {
owner = "root"; owner = "root";

30
hosts/servers/db-01.yaml Normal file
View file

@ -0,0 +1,30 @@
restic-environment: ENC[AES256_GCM,data:Q6W/vOld3Or+Wrh4yCQzQo5O9IT1oNQYWTEiTzue7blrKkMysUZ8se9d0tXwlC/KcHWe+luV3A8MTsAg52gBFPyCzFYue/JwCiesg/7NN7ITvETgl5k2LIPha809gE1mSEsWvvdw,iv:phVKcs9JucAfGRlfEubaqDMPWYvkEHzZUZMi989VUgI=,tag:LW2HBn0cEDbHZfp+T/tcWg==,type:str]
restic-password: ENC[AES256_GCM,data:8JUiNyc0YGRm12FVpAheJ1wyWZJxuz3SWg==,iv:Il5Uzs/V1Z14Eo155XybjVW5PJEFG3X/+YZHY3LYit4=,tag:rsQBtOs5ylL+KrPPENec9w==,type:str]
restic-repository: ENC[AES256_GCM,data:8snVO99xFHv0fX23PbRpRst1gQrANzk0+AyfwzDv74xbNrgIrliwQ8q9LAcMjN4NIQ==,iv:19w3tP5Nf3ajBVg6sfMuH0ZoOsQjbS290eHkzkF3AZI=,tag:i8eOvJTVvw7B8pH2fDLIkQ==,type:str]
sops:
age:
- recipient: age1a5zz4cyda0aqh0hgf8svpyh9ktwy6z5x3gnnu5ysvpvek9rn03csx7dyqn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb1B3Qk5lVTRCM2lQUmQx
djVXNVZlOEc1WjR5MmtobDU2OHAxb2FrWVJnCmxTa3pZaDFFeFR3M3lka241WEl5
RlRBT1M4OXg4UDR2NTYyQyt5UTFFZmcKLS0tIDVzSCtVUjBrdUVYTWxLTForOUtu
aExIeTJKajZvYzcxaGlyZVVvNXBTK2sKVe4bJOmCKWJYvT1ovlE1ChZ+HBtuJK1P
0nNf6caS2LimPd+8izWUX32mJBxCfk2Yy9gO04h5uk83JC6ei280nw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-19T15:47:43Z"
mac: ENC[AES256_GCM,data:qAMi9plVufdFQHoUH+zcLCqkrjAU8duKunl9owdAcdwfgRjTf+/cYK53zlsygu1KHiULO0E1/3TtW8z2yfr4NAMf9BSEwuJuIcCwOOy8fqzaCIN2xPJ4GXG0vQe2D1wnEomnnLa53AmzkuMT3qwV9yeUk68Q+PszS86jK3E2nvk=,iv:ycKcUebVjjSDx5+CSLG06WlUYBapGCbWNkmlQWua/To=,tag:EQM5SET3PX0Uf3vwbZL58Q==,type:str]
pgp:
- created_at: "2025-09-19T15:47:33Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DARdpY4woM6wSAQdAf+jR6oFZ9FpeQWecdJ0tTKwIu/6XfkOPsZGbWC0LkiYw
xqRDU1B/AhsfT8DvVzdu28BlIp8vdSJhZTMXQs5UsYdIBhr0atUWg+HSLh+kHslA
0l4BDsZLKA9u+TsT3IMU8CMCXwaayxC3FRDUqoaxkzOL+2f2mk12PWXt/ipwgPD8
w75kknmpPJxZDTgndupgdVm56Ral/jGTtnkJH3BNbwM2uuzux6ViUODDc04PPNqe
=4Cge
-----END PGP MESSAGE-----
fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92
unencrypted_suffix: _unencrypted
version: 3.10.2