darwin01: init

2024-03-08 09:51:37 +10:00 · 2024-03-08 09:51:37 +10:00 · 1ff767bded
commit 1ff767bded
parent 7410dcc593
8 changed files with 56 additions and 3 deletions
--- a/.github/workflows/darwin.yml
+++ b/.github/workflows/darwin.yml
@ -16,7 +16,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        host: [darwin02, darwin03]
+        host: [darwin01, darwin02, darwin03]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
@ -36,6 +36,7 @@ jobs:
          EOF
          chmod 600 "$HOME/.ssh/id_ed25519"
          cat >>"$HOME/.ssh/known_hosts" <<EOF
+          darwin01.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDDnaVD9TZDJKSpiJQg0qYs0WUHFq3Ur5ijm/kHOY91N
          darwin02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJqwpMUEl1/iwrBakeDb1rlheXlE5mfDLICVz8w6yi6
          darwin03.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX7W1ztzAtVXT+NBMITU+JLXcIE5HTEOd7Q3fQNu80S
          EOF
--- a/devdoc/hosts.md
+++ b/devdoc/hosts.md
@ -30,6 +30,14 @@
 - RAM: 128GB DDR4 ECC
 - Drives: 2 x 960 GB NVME in RAID 0

+### `darwin01`
+
+- Provider: Hetzner
+- Instance type: [Apple Mac mini M1](https://docs.hetzner.com/robot/dedicated-server/mac-mini/getting-started/)
+- CPU: Apple M1
+- RAM: 16GB
+- Drives: 256GB SSD, 2 x 1 TB NVME in RAID 0
+
 ### `darwin02`

 - Provider: Hetzner
--- a/flake.nix
+++ b/flake.nix
@ -101,6 +101,10 @@
            inherit (self.lib) darwinSystem;
          in
          {
+            darwin01 = darwinSystem {
+              pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
+              modules = [ ./hosts/darwin01/configuration.nix ];
+            };
            darwin02 = darwinSystem {
              pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
              modules = [ ./hosts/darwin02/configuration.nix ];
--- a/hosts/darwin01/configuration.nix
+++ b/hosts/darwin01/configuration.nix
@ -0,0 +1,19 @@
+{ inputs, ... }:
+
+{
+  imports = [
+    inputs.self.darwinModules.common
+    inputs.self.darwinModules.builder
+    inputs.self.darwinModules.community-builder
+  ];
+
+  nix.settings.sandbox = "relaxed";
+  nix.settings.extra-platforms = [ "x86_64-darwin" ];
+
+  # disable nixos-tests
+  nix.settings.system-features = [ "big-parallel" ];
+
+  networking.hostName = "darwin01";
+
+  system.stateVersion = 4;
+}
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@ -19,6 +19,10 @@
      hostNames = [ "build04.nix-community.org" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvzMJfCiVKGfEjCfBZqDD7Kib5y+2zz04YI8XrCZ68O";
    };
+    darwin01 = {
+      hostNames = [ "darwin01.nix-community.org" ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDDnaVD9TZDJKSpiJQg0qYs0WUHFq3Ur5ijm/kHOY91N";
+    };
    darwin02 = {
      hostNames = [ "darwin02.nix-community.org" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJqwpMUEl1/iwrBakeDb1rlheXlE5mfDLICVz8w6yi6";
--- a/modules/nixos/monitoring/hosts.nix
+++ b/modules/nixos/monitoring/hosts.nix
@ -3,6 +3,7 @@
  "build02.nix-community.org"
  "build03.nix-community.org"
  "build04.nix-community.org"
+  "darwin01.nix-community.org"
  "darwin02.nix-community.org"
  "darwin03.nix-community.org"
  #"web02.nix-community.org"
--- a/secrets.yaml
+++ b/secrets.yaml
@ -5,6 +5,8 @@ accounts:
      totpsecret: ENC[AES256_GCM,data:mc6+rgdhLqcMLq4R6P4D6g==,iv:GZsNKdzA9edMiTnTYNU/KUI5HI5NYdTxOjiaYzXdUMM=,tag:agGQATAj3YqAu7eCnNHb5g==,type:str]
    - name: ENC[AES256_GCM,data:hnEPU+XXIeOkf5DT2w==,iv:wZux1caDhtUF5TcUtqAG03oxVUolUnHq+w35zVtDxw0=,tag:dE3DSzK3FlLlldO7FgbWeA==,type:str]
      totpsecret: ENC[AES256_GCM,data:75Til5U49fkBCYxzqDa33w==,iv:rataIY24/u0ldHid4PnfJyh1E6P8U9OUYszsk/tfMw4=,tag:dWeqIxcO7ASnAZiVbKLiLw==,type:str]
+darwin01:
+    hetzner: ENC[AES256_GCM,data:OPqvPiv9jF2+6Dc8N3o=,iv:KA3nxkD8hUd+cF0486eTnCSE95oYaoVDVOkiecVI1pM=,tag:cEuGEZrBa1dqv5c+JuYrpg==,type:str]
 darwin02:
    hetzner: ENC[AES256_GCM,data:2ivyayF/bCI7BKGkRSg=,iv:ZKO9rViA7gvQplzaPz47WZlsq6kk7wekVrZOFO1zUqQ=,tag:BA9W7OZZk2Xt5nF7SECnQg==,type:str]
 darwin03:
@ -92,8 +94,8 @@ sops:
            MkcvL1JyVFBJV0Y5RFFCMGN1OUFXdU0Kdx1wy6ZOOTg1a6VKaq52SMBvC26lMsW/
            oMP+hmXc2WtoqZp+jZ9rrXz6cZW6/dO7CPqxl3aUEKg6BkXIwgyKeg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-11T01:26:04Z"
-    mac: ENC[AES256_GCM,data:yHBOTHFrnQcMHsIzgiyGYY3KBiHgtrD8e6OlL4DdNgtIsU86IM701g0TRFXLCu5zYcurXkt1YrolPtCvUdycnPvkYxHj/8vGX6iuWvYMupqkB2+5UkHlNCBHWkJ5bJvRJPoDtRSUnI6kJJOY3IT6w3hD9aynT/YfvSnb9RsdKok=,iv:T2GxfZ+0OukuwpudStlYEn8lqNLtUpi9iQlfO9WTMK8=,tag:xb/E2pPZDkY6OJzcCFwm+Q==,type:str]
+    lastmodified: "2024-03-08T05:14:51Z"
+    mac: ENC[AES256_GCM,data:80rbdcagpzJu0kWtMXXZ1Ol9IhZZT042/2u2ttj+K7dtKFnBreUdLbPG1g0g4DmMUtzxRUNbygPtpg47twfPXfKiHxUcbwHUE+duFHOhJA/KKBWbcz/sKBXQQeiSDAluMiSh32V1z0wLwpgxBUlzKK9iML8cbZQYcUQ5gXRcCdw=,iv:nvYw3DQN5c80WPqCoZayzww2OM99cofejWgGgTaNCXY=,tag:2dGSZMKrZkTY6uOxEpXUTQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/terraform/cloudflare_nix-community_org.tf
+++ b/terraform/cloudflare_nix-community_org.tf
@ -75,6 +75,20 @@ resource "cloudflare_record" "nix-community-org-build04-AAAA" {
  type    = "AAAA"
 }

+resource "cloudflare_record" "nix-community-org-darwin01-A" {
+  zone_id = local.nix_community_zone_id
+  name    = "darwin01"
+  value   = "142.132.141.89"
+  type    = "A"
+}
+
+resource "cloudflare_record" "nix-community-org-darwin01-AAAA" {
+  zone_id = local.nix_community_zone_id
+  name    = "darwin01"
+  value   = "2a01:4f8:261:1397::1"
+  type    = "AAAA"
+}
+
 resource "cloudflare_record" "nix-community-org-darwin02-A" {
  zone_id = local.nix_community_zone_id
  name    = "darwin02"