deploy vm

add senpai
add soju
2025-02-05 20:28:32 +00:00 · 2025-02-05 21:29:30 +01:00 · 2025-02-05 20:15:25 +00:00
7 changed files with 97 additions and 6 deletions
--- a/flake.nix
+++ b/flake.nix
@ -64,6 +64,7 @@
        let
          microvm-list = [
            "auth"
+            "conduwuit"
            "forgejo"
            "immich"
            "miniflux"
--- a/hosts/cloud/default.nix
+++ b/hosts/cloud/default.nix
@ -3,6 +3,7 @@
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
+    ./irc.nix
    ./networking.nix
    ./proxy
  ];
--- a/hosts/cloud/irc.nix
+++ b/hosts/cloud/irc.nix
@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  services.soju = {
+    enable = true;
+    listen = [
+      "irc+insecure://10.89.87.1"
+      "irc+insecure://[fd31:185d:722e::1]"
+    ];
+  };
+
+  environment.systemPackages = [ pkgs.soju ];
+}
--- a/hosts/conduwuit/default.nix
+++ b/hosts/conduwuit/default.nix
@ -0,0 +1,76 @@
+{ config, lib, ... }:
+let
+  mac = "02:00:00:00:00:06";
+in
+{
+  imports = [
+  ];
+  # sops.defaultSopsFile = ./secrets.yaml;
+  # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  # sops.secrets = {
+  #   "wg/0xa-proxy" = {
+  #     owner = config.users.users.systemd-network.name;
+  #   };
+  # };
+
+  microvm = {
+    hypervisor = "qemu";
+    mem = 3 * 1024;
+    vcpu = 2;
+    interfaces = [
+      {
+        type = "tap";
+        id = "uvm-conduwuit";
+        mac = mac;
+      }
+    ];
+    shares =
+      [
+        {
+          source = "/nix/store";
+          mountPoint = "/nix/.ro-store";
+          tag = "store";
+          proto = "virtiofs";
+          socket = "store.socket";
+        }
+      ]
+      ++ map
+        (dir: {
+          source = dir;
+          mountPoint = "/${dir}";
+          tag = dir;
+          proto = "virtiofs";
+          socket = "${dir}.socket";
+        })
+        [
+          "etc"
+          "var"
+          "home"
+        ];
+  };
+
+  networking.useNetworkd = true;
+  networking.firewall.enable = lib.mkForce false; # firewalling done by the host
+
+  systemd.network = {
+    enable = true;
+    networks."11-host" = {
+      matchConfig.MACAddress = mac;
+      networkConfig = {
+        Address = "10.99.99.16/24";
+        DHCP = "no";
+      };
+      routes = [
+        {
+          Gateway = "10.99.99.1";
+          Destination = "0.0.0.0/0";
+          Metric = 1024;
+        }
+      ];
+    };
+  };
+
+  networking.hostName = "conduwuit";
+  system.stateVersion = "24.11";
+}
--- a/hosts/toaster/default.nix
+++ b/hosts/toaster/default.nix
@ -3,7 +3,7 @@
  imports = [
    ./amd.nix
    ./hardware-configuration.nix
-    # ./irc.nix
+    ./irc.nix
    ./network
    ./secure-boot.nix
    ./zfs.nix
--- a/hosts/toaster/irc.nix
+++ b/hosts/toaster/irc.nix
@ -3,8 +3,8 @@
  environment.systemPackages = [ pkgs.senpai ];

  sops.secrets = {
-    "irc/senpai" = {
-      owner = config.users.users.grue.name;
+    "senpai" = {
+      owner = config.users.users."0xa".name;
    };
  };
 }
--- a/hosts/toaster/secrets.yaml
+++ b/hosts/toaster/secrets.yaml
@ -8,6 +8,7 @@ mail:
    shipunov.xyz: ENC[AES256_GCM,data:cg+P+FrZ2icjfhwDGKGyUH9DejSZHpNs2bcSBPyz8g==,iv:XZFaSXnGmTL9j2sEyt5Q7+pe6rr+WA/0UGq/2Gl5DTI=,tag:oq+5EuJWJKwK3h0/e6Uozw==,type:str]
    dvb.solutions: ENC[AES256_GCM,data:GSjPIPA5TGMWfhdRzTsiHPfXFVGLVSpJvJG+I++i,iv:EBlk00wqADCuYTzuVcuX9kSn6TVBfN12UlcXyps6TtE=,tag:G7rKTngN4v2FtuhQEMdUQQ==,type:str]
    tlm.solutions: ENC[AES256_GCM,data:ncTMh/jw+YmcmcVU/c1I36vV1CwtmtYwfyDUx9w9,iv:vPnmdvDnEJ9FF4rDkSfPnLWebleSgI/yG7qOgJfq5ic=,tag:z4w4LOGf2v0TBSxrHULBsw==,type:str]
+senpai: ENC[AES256_GCM,data:nLMlw+Gw5p9pcyElvHy/d+GV0/dbTj3+Et+lzBs1YEUcsYT2lM7sN+5+4PEF6weJgHUreTl007fh8+FO8S+mUg==,iv:+5szUWaARn93RTQvY13JGn2zJ3y8iyjv09i3KtbhaTQ=,tag:OsD4IoRv8wGuUbEnsld7Dg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -23,8 +24,8 @@ sops:
            bDRBWjJJSDl3bDkxenR1S2NMZW91dW8Kzhc/6HeEJfLGDaKdRSbpaMdR7XaBxdQI
            jnAySJCGsXxCPebRtCIdDnoLjdqdzEggEhRh27JOpeOiEukLmakPMA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-11T01:25:11Z"
-    mac: ENC[AES256_GCM,data:Y11oSAhVwjYkuONxlWFKRTswaCMsj6/61HQgEZ9tKOxHK0mfx6CiJGqNKud7XDAebmqB3uIYNJ8zYKvM2D0+vLBp5Kk+bQX0tNXf1HXVJPYzE1GA+Wg5ZKYM5HZ339XiEEBZEbTU+ptMw2YO9mhDxYA6UnPPQ2IHNPgB/yrgfxM=,iv:iHERfH1sf35DgFYr6FkwxRxnF+qppWOqw1XJ/rJi3DU=,tag:L09jwVXKzSnACp2TSpEV2w==,type:str]
+    lastmodified: "2025-02-05T19:41:58Z"
+    mac: ENC[AES256_GCM,data:5u2hJYMHwpFd5fcHXKzOblHfgnRTjNIEL+glBsHct3xZ+G1APQg9WdgZbRWc+ypdYPFfhqXKV9RBl/UHtFEyljL7JQV0U8EfumP1WNjPaMgnWftm5qLOe0PxmrPbwsYYBdotO9GVoplghrNd1euvMsxd3F+YtU+MnY+u4dcr4C8=,iv:A61rDNajtU/NOqcemmCN348STdMI9qqPRvdd6n/EuKg=,tag:Y1zi86LNX1xlXpjbslmRAA==,type:str]
    pgp:
        - created_at: "2025-01-02T22:57:16Z"
          enc: |-
@ -47,4 +48,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4
Author	SHA1	Message	Date
Grisha Shipunov	d61b1a26eb	deploy vm	2025-02-05 20:28:32 +00:00
Grisha Shipunov	c1352fdd88	add senpai	2025-02-05 21:29:30 +01:00
Grigory Shipunov	5e7e8b5574	add soju	2025-02-05 20:15:25 +00:00