devices.vps8: init

2026-01-12 04:39:23 +08:00 · 2025-03-10 20:26:55 +08:00
parent 60218f35b7
commit 2ddf912432
9 changed files with 93 additions and 5 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -10,6 +10,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
  - &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
  - &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
+  - &vps8 age1aj70kptmxuhxnf9ha5dmgqxvfsvtv0py48uqn0jtszqc0sm4rqqsuwgy47
 creation_rules:
  - path_regex: devices/pc/.*$
    key_groups:
@@ -72,4 +73,7 @@ creation_rules:
    - age: [ *chn, *pc, *vps6, *vps7, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1 ]
  - path_regex: devices/cross/secrets/chn.yaml$
    key_groups:
-    - age: [ *chn, *pc, *one, *nas ]
+    - age: [ *chn, *pc, *one, *nas ]
+  - path_regex: devices/vps8/.*$
+    key_groups:
+    - age: [ *chn, *vps8 ]
--- a/devices/cross/luks-manual/default.nix
+++ b/devices/cross/luks-manual/default.nix
@@ -9,6 +9,7 @@ let devices =
  };
  vps6."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
  vps7."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
+  vps8."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
 };
 in
 {
--- a/devices/cross/luks-manual/vps8.key
+++ b/devices/cross/luks-manual/vps8.key
--- a/devices/cross/wireguard.nix
+++ b/devices/cross/wireguard.nix
@@ -3,7 +3,7 @@ let devices =
 {
  vps6 =
  {
-    peers = [ "pc" "nas" "one" "vps7" "srv2-node0" "srv1-node0" ];
+    peers = [ "pc" "nas" "one" "vps7" "srv2-node0" "srv1-node0" "vps8" ];
    publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
    wireguardIp = "192.168.83.1";
    listenIp = "74.211.99.69";
@@ -51,6 +51,13 @@ let devices =
    publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
    wireguardIp = "192.168.83.9";
  };
+  vps8 =
+  {
+    peers = [ "vps8" ];
+    publicKey = "ifOlF2zBEygsqSX48ljT9CRKx/eiTFvI78HJtmLOpnU=";
+    wireguardIp = "192.168.83.6";
+    listenIp = "144.34.225.59";
+  };
 };
 in
 {
--- a/devices/vps8/default.nix
+++ b/devices/vps8/default.nix
@@ -0,0 +1,35 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems =
+        {
+          mount =
+          {
+            btrfs =
+            {
+              "/dev/disk/by-uuid/0067ef91-06f7-416e-88cb-4880ce04afa4"."/boot" = "/boot";
+              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+            };
+          };
+          swap = [ "/nix/swap/swap" ];
+          rollingRootfs = {};
+        };
+        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
+        nixpkgs.march = "znver2";
+        nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
+        initrd.sshd = {};
+        networking = {};
+      };
+      services =
+      {
+        sshd = {};
+        beesd.instances.root = "/";
+      };
+    };
+  };
+}
--- a/devices/vps8/secrets.yaml
+++ b/devices/vps8/secrets.yaml
@@ -0,0 +1,31 @@
+wireguard:
+    privateKey: ENC[AES256_GCM,data:trJIviblWM0JdBjEdginSmvtzML6m9xjl/D2nRwJUUjM7zIMRMOp2Me+eYQ=,iv:ANnHYDoKSizkxFzzJp24yVxIkXftp1GXkSYsdctHfGA=,tag:UZZApcy1QkPJ79WOIvMd1Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcnVXYkl0Nnd0U1k1R1dP
+            dndDSEJRRVF5RWhZWFpDTDZFMXdrb1JqVXlzCitDenJGcDdnRThXY0JyOWZUNnBq
+            ZmJsVXlDSjBvZnRUd0VjaU0wUzgxVXMKLS0tIHVyalMrdlZ0QWRTRUdCQ3EvQW1m
+            d3VDZnRwNDdBZWZvdDczZ3NyR1JiMzAK7rMhMCAKlAh+t4eJZfI2PHBHAcK1DEIE
+            fzcjChIyFJmtpJvpea3UOEq/eqPHOSQ85ySTo36mTboYbc1nDNjLcQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1aj70kptmxuhxnf9ha5dmgqxvfsvtv0py48uqn0jtszqc0sm4rqqsuwgy47
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWnZBOXBYTDYvUU40dnRu
+            ZGtLRUlBQjhHSC8xTFhNNlRsMFhMSTJzTXhZCmdTZlhqMWhLY25WY2xUSm1GTGVP
+            clVQdjM3QS9DaUFEWW1JcURoR0Nkb2MKLS0tIGc2RDRldkhpZldZUDdoS2RPMHlF
+            Vk1UUXB5ZWNyNU9pcW9BQ0l5VWFtL0UKPT/H88TAqc6cYrdmdLb5WU6hlChRC1+0
+            SlBlHQbCxwF/J8bEFvlv0FeMwn8LANcyj5Yuc4kJiD1GAJGDaOGdBw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-10T12:26:06Z"
+    mac: ENC[AES256_GCM,data:twPqWazuLhcv0La3Q2qzjfGyuI7DJi77yhmnKnVAosccYBxT2i/h0V2fTTQ1kWsVK1zVj2QMqrTc08jpklwszZwXYJF3isUazf/0dVBv994WBD6c15WIvpz3llj6Y9dlbj9pc9BCxdWVEY8KtJGlYmeEvVJ8Ueim67cIuTuJhaA=,iv:3NPTVSN24VljETb7eIkVW8bYUMZBiSbf8YU/+FTOp6Y=,tag:qNc56ucju0SSjIaN7gMgpQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -1,6 +1,6 @@
 { inputs, localLib }:
 let
-  machine = [ "nas" "pc" "vps6" "vps7" "one" ];
+  machine = [ "nas" "pc" "vps6" "vps7" "one" "vps8" ];
  cluster = { srv1 = 3; srv2 = 2; };
 in builtins.listToAttrs
 (
--- a/modules/packages/ssh.nix
+++ b/modules/packages/ssh.nix
@@ -27,6 +27,16 @@ inputs:
          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
          hostnames = [ "initrd.vps7.chn.moe" "144.126.144.62" ];
        };
+        vps8 =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIPvnbWjPREXju3zKKB2sYRlfgO0wmD8W5ZPXDFN5kb95";
+          hostnames = [ "vps8.chn.moe" "wireguard.vps8.chn.moe" "144.34.225.59" "192.168.83.6" ];
+        };
+        "initrd.vps8" =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIMQn3+Jgha7l0P3Li6QZx/QekICpMW+XkOxENQ5bifbX";
+          hostnames = [ "initrd.vps8.chn.moe" "144.34.225.59" ];
+        };
        nas =
        {
          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
@@ -116,7 +126,7 @@ inputs:
        (
          (builtins.map
            (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
-            [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" "wireguard.one" ])
+            [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" "wireguard.one" "vps8" "wireguard.vps8" ])
          ++ (builtins.map
            (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; }; })
            [ "wireguard.pc" "srv1" "wireguard.srv1" "srv2" "wireguard.srv2" ])
--- a/modules/user/chn/ssh.nix
+++ b/modules/user/chn/ssh.nix
@@ -19,7 +19,7 @@ inputs:
            (system: { name = system; value = { forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; }; })
            [
              "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas" "pc"
-              "srv1" "wireguard.srv1" "srv2" "wireguard.srv2" "one" "wireguard.one"
+              "srv1" "wireguard.srv1" "srv2" "wireguard.srv2" "one" "wireguard.one" "vps8" "wireguard.vps8"
            ]));
          extraConfig = inputs.lib.mkIf inputs.config.nixos.model.private
          ''