diff --git a/common/admins.nix b/common/admins.nix index 3660df6..a6637fd 100644 --- a/common/admins.nix +++ b/common/admins.nix @@ -6,6 +6,7 @@ in { keys.users.k900 ++ keys.users.raito ++ keys.users.maxine ++ + keys.users.jade ++ [ # more raito "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD" diff --git a/common/ssh-keys.nix b/common/ssh-keys.nix index a63ea11..28fe08d 100644 --- a/common/ssh-keys.nix +++ b/common/ssh-keys.nix @@ -3,6 +3,7 @@ bagel-box = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsO4bNqY04uG13Pg3ubHfRDssTphDLzZ4YUniE5/p+M"; meta01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5t9gYorOWgpCFDJgb24pyCKIabGpeI2H/UfdvXODcT"; gerrit01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+eSZu+u9sCynrMlsmFzQHLIELQAuVg0Cs1pBvwb4+A"; + fodwatch = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRyTNfvKl5FcSyzGzw+h+bNFNOxdhvI67WdUZ2iIJ1L"; }; users = { 
@@ -10,5 +11,10 @@
 raito = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaw9ihTG7ucB8P38XdalEWev8+q96e2yNm4B+/I9IJp" ];
 k900 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOi9vgVGs+S5kEsUqHPvyMMh1Q9gqL4TcbHoe5d73tun" ];
 maxine = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpWQfhNFdrxMTP/1DwBVuk49f3df9iH7Tbdu8ltIKjr" ];
+ jade = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNldAg4t13/i69TD786The+U3wbiNUdW2Kc9KNWvEhgpf4y4x4Sft0oYfkPw5cjX4H3APqfD+b7ItAG0GCbwHw6KMYPoVMNK08zBMJUqt1XExbqGeFLqBaeqDsmEAYXJRbjMTAorpOCtgQdoCKK/DvZ51zUWXxT8UBNHSl19Ryv5Ry5VVdbAE35rqs57DQ9+ma6htXnsBEmmnC+1Zv1FE956m/OpBTId50mor7nS2FguAtPZnDPpTd5zl9kZmJEuWCrmy6iinw5V4Uy1mLeZkQv+/FtozbyifCRCvps9nHpv4mBSU5ABLgnRRvXs+D41Jx7xloNADr1nNgpsNrYaTh hed-bot-ssh-tpm-rsa"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYljH8iPMrH00lOb3ETxRrZimdKzPPEdsJQ5D5ovtOwAAAACnNzaDpzc2hrZXk= ssh:sshkey"
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO4idMfdJxDJuBNOid60d4I+qxj09RHt+YkCYV2eXt6tGrEXg+S8hTQusy/SqooiXUH9pt4tea2RuBPN9+UwrH0= type-a yubikey slot 9a"
+ ];
 };
 }
diff --git a/flake.nix b/flake.nix
index c1684d9..a821aed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -108,6 +108,17 @@
 ./hosts/cl.forkos.org
 ];
 };
+
+ fodwatch = {
+ imports = [
+ inputs.agenix.nixosModules.default
+ inputs.hydra.nixosModules.hydra
+
+ ./services
+ ./common
+ ./hosts/fodwatch.forkos.org
+ ];
+ };
 };
 };
 }
diff --git a/hosts/fodwatch.forkos.org/default.nix b/hosts/fodwatch.forkos.org/default.nix
new file mode 100755
index 0000000..9eede50
--- /dev/null
+++ b/hosts/fodwatch.forkos.org/default.nix
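Review bot: The new `jade` list in common/ssh-keys.nix carries three keys with no Nix comment on what backs each one, and the common/admins.nix hunk in this same commit appends `keys.users.jade` wholesale, so all three become admin credentials together. The trailing key comments (`hed-bot-ssh-tpm-rsa`, `ssh:sshkey`, `type-a yubikey slot 9a`) suggest hardware-backed keys, but that is only implied; a line such as `# jade: TPM-backed RSA, FIDO2 security key, YubiKey PIV slot 9a` above the entries would make it reviewable. The `ssh-rsa` entry appears to be 2048-bit judging by the blob length, which is worth an explicit note if it is accepted because of a device limit. For the `sk-ssh-ed25519@openssh.com` key, confirm whether the hosts enforce user verification (sshd `PubkeyAuthOptions verify-required`) or rely on touch alone.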
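Review bot: The new `fodwatch` entry in flake.nix imports `inputs.hydra.nixosModules.hydra`, yet nothing in hosts/fodwatch.forkos.org/default.nix as added by this commit enables Hydra. If the module is imported only so that option references under `./services` evaluate, say so next to it, e.g. `# hydra module imported for option definitions used by ./services; not enabled here`. The tail of the preceding entry (`./hosts/cl.forkos.org`) hints that each host repeats a similar import list, though only its last lines are visible in the hunk; if so, a shared `let` binding for the common modules would keep new hosts from drifting.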
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ networking.hostName = "fodwatch";
+ networking.domain = "infra.forkos.org";
+
+ time.timeZone = "Europe/Paris";
+
+ bagel.sysadmin.enable = true;
+ # Fodwatch will be proxied.
+ bagel.raito.v6-proxy-awareness.enable = true;
+ bagel.hardware.raito-vm = {
+ enable = true;
+ networking = {
+ nat-lan-mac = "BC:24:11:F2:17:F8";
+ wan = {
+ address = "2001:bc8:38ee:100:1000::30/64";
+ mac = "BC:24:11:69:74:D0";
+ };
+ };
+ };
+
+ bagel.meta.monitoring.address = "fodwatch.infra.forkos.org";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ system.stateVersion = "24.05";
+ deployment.targetHost = "fodwatch.infra.forkos.org";
+}
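Review bot: The comment `# Fodwatch will be proxied.` does not say which proxy fronts the host or whose client-address information is trusted, while the `wan` block also gives the VM a global IPv6 address of its own. If `bagel.raito.v6-proxy-awareness` makes services accept proxy-supplied client addresses (its implementation is not in this diff), that trust should be limited to the proxy so that direct connections to the WAN address cannot present forged source information. Expanding the comment would make the assumption checkable, e.g. `# Proxied by <proxy host>; proxy-supplied client addresses are accepted only from <proxy address>`. Separately, the file is created with mode 100755 and the `config`, `lib` and `pkgs` arguments are unused in the 33 lines added, so the executable bit and those arguments could be dropped.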