diff --git a/.sops.yaml b/.sops.yaml index 4003ec6..7bcb6fb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -36,6 +36,15 @@ creation_rules: - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n path_regex: ^hosts/build04/secrets.yaml$ + - key_groups: + - age: + - age1kmz80s96paknelzqlz59ezctl7teejdvsm5f48f2udj5sp5m6qaszuauw7 + - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy + - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz + - age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay + - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h + - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n + path_regex: ^hosts/build05/secrets.yaml$ - key_groups: - age: - age15dljvnazm0njdt7fh7drlsqnqx35766aex8zsv634zzpecu9cdgssmqv9a @@ -77,6 +86,7 @@ creation_rules: - key_groups: - age: - age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc + - age1kmz80s96paknelzqlz59ezctl7teejdvsm5f48f2udj5sp5m6qaszuauw7 - age15dljvnazm0njdt7fh7drlsqnqx35766aex8zsv634zzpecu9cdgssmqv9a - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy - age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz diff --git a/docs/community-builder.md b/docs/community-builder.md index 662c21d..7567b20 100644 --- a/docs/community-builder.md +++ b/docs/community-builder.md @@ -6,6 +6,12 @@ We provide machines as public builders for the nix community. build-box.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H ``` +`aarch64-linux` + +``` +aarch64-build-box.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9uyfhyli+BRtk64y+niqtb+sKquRGGZ87f4YRc8EE1 +``` + `aarch64-darwin`, `x86_64-darwin` ``` diff --git a/docs/infrastructure.md b/docs/infrastructure.md index b23baf4..b9314ef 100644 --- a/docs/infrastructure.md +++ b/docs/infrastructure.md @@ -30,6 +30,14 @@ - RAM: 128GB DDR4 ECC - Drives: 2 x 960GB NVME +#### `build05` - [`aarch64-build-box.nix-community.org`](./community-builder.md) + +- Provider: Hetzner +- Instance type: [RX170](https://www.hetzner.com/dedicated-rootserver/rx170) +- CPU: Ampere Altra Q80-30 80-Core Processor +- RAM: 128GB DDR4 ECC +- Drives: 2 x 960GB NVME + #### `darwin01` - [`darwin-build-box.nix-community.org`](./community-builder.md) - Provider: OakHost diff --git a/flake.nix b/flake.nix index 8394d09..2285264 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,7 @@ build02.system = "x86_64-linux"; build03.system = "x86_64-linux"; build04.system = "aarch64-linux"; + build05.system = "aarch64-linux"; darwin01.system = "aarch64-darwin"; darwin02.system = "aarch64-darwin"; web02.system = "x86_64-linux"; diff --git a/hosts/build05/default.nix b/hosts/build05/default.nix new file mode 100644 index 0000000..c2b70a8 --- /dev/null +++ b/hosts/build05/default.nix @@ -0,0 +1,17 @@ +{ inputs, ... }: +{ + imports = [ + inputs.self.nixosModules.cgroups + inputs.self.nixosModules.community-builder + inputs.self.nixosModules.disko-zfs + inputs.srvos.nixosModules.hardware-hetzner-online-arm + ]; + + nix.settings.max-jobs = 80; + + nixpkgs.hostPlatform.gcc.arch = "armv8-a"; + + system.stateVersion = "23.11"; + + systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3051:5066::1"; +} diff --git a/modules/secrets/community-builder.yaml b/modules/secrets/community-builder.yaml index 60ae11a..f8487ea 100644 --- a/modules/secrets/community-builder.yaml +++ b/modules/secrets/community-builder.yaml @@ -8,65 +8,74 @@ sops: - recipient: age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTFDRmkxY3RrdVhSRTNs - S0xIZmVDL2JoUUtKSVZ3OVVIYXFYaGxrcjE0ClFkcWJ0QXdEaC92TDNVTDVIai8x - dTlDWHNwbVhMVUYwNXBsUGRkaWh5cUUKLS0tIG1KbGs1UDBSMzkwdFZBT21Cb0NG - Zk12UWYvNk1QeHlBcGpiTDRkanpBU28KqoivHFiyz05/c7+doZjsAZdqYaB+0zsT - P0gFhZSM39remjEhNEwuAMbvB0CPwv3yHk544FmYIhNr51rYBTkyKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYStmVlM1bFhyV1p2bHpr + eG93aTVVOWs2OUpLMHRsTkZVRzl4ekZ3M3lRCjMyWXl6dWhtSng4ak4xbFY5UUJk + SlhGREwwdW9FNU1rM3lZNjVyMGNqQlkKLS0tIDg1TmpsWTVBWURyNVFjakg3emNI + UzU2ZTBCRHY4UkFYbHBWdFpUMXFyWEEKUmuwDrnE6TEIv5U9bzZf2FMjxAfl2Wiz + FeyoA7LWz1L07xFxmAUvZTOiAOzTdD0v9NYDtK/pvMKe3ZeE9Yd6Ag== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kmz80s96paknelzqlz59ezctl7teejdvsm5f48f2udj5sp5m6qaszuauw7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcW5zT0VjQTVoSEZqZzBR + R0tWbURtSGhKUUN5UHdTQXlQbWFXVFhsSGt3CkhDUXFMeW9ud29DWjE3MVZ4U1Jq + MklWMndyd0NxRTFGd2xjRzlqVFg1ZlEKLS0tIFFObVRDTlBYNlh4T1A0bzM1RmNV + dFpmMjBBTXp6OHU1ZEtRMjRBSVhBTzQKmppJXXFu974jMbthD09ylX0VHw4JwYqZ + PCp7CfKPoR5tXw+LSpdbMH2Q1CHr53UwuWhfKSDtNrJXz2aOmtv3WA== -----END AGE ENCRYPTED FILE----- - recipient: age15dljvnazm0njdt7fh7drlsqnqx35766aex8zsv634zzpecu9cdgssmqv9a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1cWhnNzZJeG9qU3kxZEdB - SExuckNqZlc0SysrNjhEeWgvRVhUTm1NZGh3CnhiaFFqeTBJN2k1cnV3WHArb3JO - aXNDYTFqZEl0SnBIQWw5MVBnV0NrUWsKLS0tIFBBSE4xZ3NjNHRqV0MxNVBMbzNK - WWlMQjR0Zk1MT0FKYUc1MXlVV2M1TGsKub+bwfC3xT8UXNUsomDZ48+LITwrzutK - 59QJgqvikxLJEeo0agdc2A66A9UxgeFJQ45DWEDDCAu/Ru8+6f0QnA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWHpCRGE5elB0SzNpbGNl + SkVleDJ5bmtrNjhPNmlpdk5QaEdSb1FsNFhjClFzaVRBZUN5Y2M2NU51WmdnM2Zr + WDl2bUJBWVB2VkY5Y1F2dzNWTTFlN1EKLS0tIHh0NklxOGVLN1MvdFRNVWNwZzUv + RUJXZmQyUjFZQmM3WVJVRWdQMlhlNkkKP81eUdjZ88PiL1hr1wNzQ2w6eSV+samh + vT0lRrDlQX6CHhF0YMAJYmXiIGrf2sTqxDsBiMowk1mavlzG6+/+OQ== -----END AGE ENCRYPTED FILE----- - recipient: age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSGlRcXFYTkhlMHFZR0w1 - UUJWVVVCS051TWRudzRYekRGanZoQm1QK0Y4CllXekNXQWdVaE9RNjZrb3YvTVJo - T1F4QUtBak9FeHU2aFI4VGRRWWRTUkUKLS0tIHI3Y0xhQ1ZWM25qelBLOUczRUFn - V0QyZUNDRGo2VkZVWHo0clBpalpraHcKPxp7J2HK3xoKZBY4jk38MY/nuEmkvZQz - u1MPnH7eKFDO2Nm2zKU2BjWjvOtfvQN+eLWV/XyFQJrLEfe0AHoi6g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdnRmQmVkWnMzOXVCWGFu + SUNCYXlRaTM2b3ZUM3hLYjU5clArT0hrckFRCk1PNENnbXRMRk9FTkhGRnhSSHdo + WmFVNEFOSzZ2UzVGUUJ1bVV1eUpFemMKLS0tIEd2U2s0eitlNlNMZDB1Sk5GRmt4 + YXY4KzJxdys0Vk96NGFqeXZmU2ZuTmMKk7Y/22BRUG+Rr+wsvwKUXKCoh+dnntn/ + kOLKFzw3mGAmoKGLGBTPCWdrDeGi0rgF49Zi4uvQRKtsBWUAGz1BpQ== -----END AGE ENCRYPTED FILE----- - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQU1SNUFIQ1FQS2hDS0g4 - aXl1Vzdhb21hRGFIbGREblBIdC9UVXlpKzBzCnVSRUM5VXlMOVVacWxWd0JwM28y - UHBaQmdNODkzZmFDWXJiZk9tNWIxVkkKLS0tIG94MEtCbEZwbHZmVTRPL2pNOHJr - T29IQVFQa0tsMTNCOHl2OUdyeG1GSzgKQbZnm/IlLzBkHeWF57PI7WA7eiLzlKk7 - +R9Fn1Q51NS3Ht7looDcmy6J6iU7gtyHggaadku6v6AwuxiMniSjbw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhNWM5dWhHUlJieFlKQ2sz + L2dpRmVzeGI2YlBDZ0tOTlV3cDZjS3I5SjFnCnV0M1pITnFzZ2Q0cjB0M1pZSHdo + TGlhN2UzY1dpRnhDUXhjbWEyTVQ5WUEKLS0tIHN3dFdqNVF5R3ZaamYzZ0NzcWdw + N05VMzl1enhYUHdMbnVpTzVITEszR1kKq7DSE2M7gs4qmKZ9ZApEJCDoMR4vi1rB + v/9WtykVnk2pwUIrnzkonJ/iJkSmqDsFaX5y+AFYhf2hqC8kivOtew== -----END AGE ENCRYPTED FILE----- - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOW9jMzMyVmRIS0RSZk4y - NHQwWVgxdllVVkdPcjVTTFpaMzRrZkJPOVZzClpmWkpYOW4rWXF0dk1ralhqMTdQ - Nm9wZTIvQ3hPMDVDMnY0eWtZOHEwZXcKLS0tICtoVGRIZmVlWXhXOFVaSElYNG5D - UlhZZVhFTHhsYncwbnhWdE5WUUxvL0kKksYQVCgs0f4n5f44pMjiIVi4rULhK5Fg - DLzcVFGrMKXOl44r/shlsFAlSDwlFTHWvsslPUPvTKwFvObG8sZHew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVHFXeExKdTlQQWlJYVli + dEVkeFRDK3lvZERwdzVNWENxcjBabG9BNVh3ClV4cjFTZlplRitOcngzOTJlWllh + ZkVlTk5vSnJRU292N2UxWWU3T1M2WFUKLS0tIEZEa0dGdUhmckNVamlxdGdGWUF5 + eFJQZlRZZDRSYTRhYStuOGRjVzA4OWcKbKSzmP2XWytvyLp0ifztser/NxDJvAqT + P5O7PXaABW+it9DUuOboG2BKKiL4uesuAU+MexQ30n/TrZIjXBYwRQ== -----END AGE ENCRYPTED FILE----- - recipient: age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZklWcFdRYW1sTzg3V0o0 - YzJSaGxQNWl3endWbXNJUlhGSWM4R0JLeDJ3CjgxeGhjV3RMNlFDb1pJYVRsK0xB - eXBwS1VMWEFtR3BkaEhET3NkMURmbFUKLS0tIFRPRlF6VkVxanRhOHNucElVWXZD - S0FGbCtUTiszUmFSNXpEamlPbUJ2NGcKe/F5skYhmZJb+0vlsolb325DVkoEj1W+ - POMMrqGwQcszsKYvxTcM5Sq7YWy7LpyP0ymEWgcvfQHrUNx2oVBZyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1T0Nzc1p4RC9wSzZPbkEz + Tmg5R2Q3SThRUGhodkpSRXppdURrYU52dmpvCmVvbFVVRllPd2EzandrQTFpN1hM + QUUrNnpCa0tjQXN2NkJLRnRJWUhqMkEKLS0tIEhhVHFhSmluUkVtdVFCK2RlQUxh + YzRVRTc2SkJyZ0xHRTd2cnFCVHRHWjAK8EiJyaVCFWweD5Iqu0je4wSzPYagz0fs + Jq1zijoNTJUUU9+TsS5Ps8g/FYuhdFZUtTzn0C5gX4kNorjUfUjtjA== -----END AGE ENCRYPTED FILE----- - recipient: age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva0I5MjFqTUg1YVNqcXY0 - dVloNFpXcGVYZmZOdEVTbm1xVEJWVHVqZ0V3ClpXeTRXczNWbDNpSXpaWExTZWRL - K2xmeERuMjRNS2JpSkJoUWlPK1phUzgKLS0tIHI3UkVMbGdNUjNhMEQ4eEQzQTda - NXdhb1l0Q0piTUJxOEVrQlBCaUVXZ1kKT5F2kxG7HukY2KTrdgHAsLgSsGS7P184 - EIPyGGrrs00kfrT0PiUl+1hVSl3uM6lAootLzdXqnFRjejt5KTl9wg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SjdUeVBSbkh0bzVSZDha + QndONlVaTTkwamd1ZzBOQVBxQktDM3dYQ0JvCjUvdXpLbytXSG5TT3g0Vkp5eUxP + WVc5MERUWXdLVkF1ZS9HZVk0a3RySHcKLS0tIGoyQkg2NGRwcFNQbWZpbWlzTkVC + cGxZYklteUg5dHVnTmNUOEpGQUtkSncKp+iUiNmHlDAxco5U57UQXDrBavIpslvB + s0eYBh586A9PKaIWmmQo4T8YM61MIFrG4za+uiIP2th+WHjGGH9a5Q== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-12-19T00:27:32Z" mac: ENC[AES256_GCM,data:hKJQ1ef7CyPOD8xd/PCqOpGSBYpSpdW37P9nOXeKQEHE58vCaiQyy5RziUIGKUI7KIcxHwa1agn/yBdaWigSWihImH2WlRMQnQJAQoSV2Tc8sDhDFFckJEDqh0Pm0g+HcjL/59J4G4QJuRgVdxNBeRT472gQN/u/Lw1CE2s6ONQ=,iv:IU2cLIfCT6DuViUTFH8EnvaWA4ok96CzXs86DRsonqM=,tag:T/+HmZLWvYNkR3u2jSWM9Q==,type:str] diff --git a/modules/shared/known-hosts.nix b/modules/shared/known-hosts.nix index 83b46d8..02411a6 100644 --- a/modules/shared/known-hosts.nix +++ b/modules/shared/known-hosts.nix @@ -16,6 +16,10 @@ hostNames = [ "build04.nix-community.org" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvzMJfCiVKGfEjCfBZqDD7Kib5y+2zz04YI8XrCZ68O"; }; + build05 = { + hostNames = [ "build05.nix-community.org" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9uyfhyli+BRtk64y+niqtb+sKquRGGZ87f4YRc8EE1"; + }; darwin01 = { hostNames = [ "darwin01.nix-community.org" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMHhlcn7fUpUuiOFeIhDqBzBNFsbNqq+NpzuGX3e6zv"; diff --git a/secrets.yaml b/secrets.yaml index 3dc2070..4ed4d34 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -13,6 +13,7 @@ ssh_host_ed25519_key: build02: ENC[AES256_GCM,data:kwc1rs7xbKod7+vV9yDNqAZMmTqencDe6LTMqxihNLuvGny1atjJ/4cf2vnWEyPar4AvqLtawbIexowbpgyzIiJBKskw0voUgUan0TMH7dsjeZtcdnBSsGWDlcBSjq8bK+yfNMWxwaq7FB9eTJkhN41UhQwqXIVpitEJg0LQcz7+BeQnYhCMnMOc+AG78zIZK+lbzAikejFJUV1A0/kmEl9VirBTpGqxhsiPUSCpAq9c3mE16f31YF9bUn9Dr/4gLW42xxbt/+6psDstKlKgfldzC+izCCCfL1qKcKz7RtyLX37O1MkQqLWvC5I5XRt81tKPOgmtjtGSM0iYmx9zy6FKGJlWqHGNb5K+g1NugWuKMzkBQNoWIypS/yHUY9R3eLa6JJM+tfE/Hvw4Q6/4HGBePMauULd/sgTC8D6o+6023a9ZdC6vdwAWzgWzhbG8uN8vjRR9JKy8/tzgzWJsR4PvPFw9ka0HbRMjigmMxZ817Z6iB2BcO2xmJvD5hP2YpPKCNLQzUznq0vh1s91C,iv:cQERNZJUQ0TJW0pbEzJF6O+1Idkt2e+I06+Kjygr4lk=,tag:2X4KhuEd/0153sCT7qeyqQ==,type:str] build03: ENC[AES256_GCM,data:GsCPKzEPBkc3o+6gSKXIEXudNOg4hQ2i/nVu0IoPVG99QaL77VxQczmiEINPCXYOqvH0ugD9TGW1SEOghv1VYzCus98IMcCfWJqiZAEPjqtu9uvoBR54uw4rehHrMeBD5auGzWwJcJ3PT2fHAE0G9A6khWLdYyE7O9OFo490DAJD/XMO/beEsMiLI9nTCzLgCEL4koM8Omg4crq2ixLcGnueBsP5uF+W8vuvKBwz1TgAg7qguNEYnqHVZLEQgKBMCdca2yPmKnbEBMKnlsjGOWThT9Bw3JB8slBaIV6dCvvFUNnfqhVo9NZtaLH7ciPZCD1+vk9ja7KE8PqwUGVbrQM32DFajhtFSJa+IUZYAda192ZTbVEE4T/xL7mhYsS1rnGFIsGVSHjC/QgC9VU4THbkcO/1Uzt0H8OeSaMLERxpKmVqqLlvQPAs+/bos3D9vHHlfiY6liq1fa0++2+JnuSTsKLEmh6+h1/prhQ8oy+0imm15AHDsTllbaWxMjRCBSVaua25+h2eTEci1T3/h8XiM3+S7yWa3sfoe1Kj1fNmDlQ=,iv:VRAoe3bRpEBDGDAX/dZM+TOM8I6K2oxb1d3Ld+BQKuE=,tag:CIndzn8DJdxJLuFMtpk8Ww==,type:str] build04: ENC[AES256_GCM,data:e8qLPiTruUq1OSgfR6KQ/zXMeLeTapH8k9viglYdz0mjG198oKPc2JNgLsuL8vFBafJ9P0SHJlKH6wQNApPNgEaktfTpx11WlK5oEa9J/Bw3OuFUJnyRE3UzxvWNzj5BVIk6pQBDhc2rOucAbiWwTJu76Wxopd5PQ5GVyEK2OIYaZ2rG2ZlF9RbfZgfiq0HBkZhPfL4osUMGmFRsa6p18xH4wm+Ey08n5DG27AxGf7yjKiXswlZfzgxX3ukqsNw5pw3GNHRLjlsJsprTMVj+hgS5N3PeY+IViJKHE0VmEU3pJzlFSAk05mTrYzJ0jHlfQTbWHs6wYkc3EbKXG83zcviowGMK78P8Qpy0h9/3+r1I55/3UAd4JKnGbz+ADTMwowgNeZO/Vv0LQN3zspyfmYiQ3sD55kdGLWVnWFXZ1m0x+3D+CK7KaH7hqoT0GY2rYFwvM5fXKy7ekrGtpUyZPy8iQw6Vxl0+bcKgU6IcWYikZ32XvR4bjY9uDBvuS+Kk1e7y9WTy2h0p5fw7T2aWE/rw9m5TuUnn13gRHo1KRfNApzQckc5NbXG+VhMrQ9y1,iv:to8K9ljpumnRFz7lmxi0C6JT6xME3Sukh2jWRYkZlPg=,tag:puIarMsuxMidHOJ18ZO2mQ==,type:str] + build05: ENC[AES256_GCM,data:VdABmf9bdGvRjgoSql7FWBMPOlU1ekWhn31UrakRvM+ApQa1QDY5YQYYlPgJL7qGsamZ2rSKO19jLYRULU9rqMC+qUctJ9JsBjhQonRLZLDH9k16bvezsf6FJ56e/X8iR+fpGJ2y2heiOfh+kNsPD5N6S5bHZDOqVgf1LH0NQ4XXeRwZjBZUoXwrwpfbLLMrOtcmsW0IdpR3OAJVRg5UMUa6mQgTfe3jne9Adb1PFb9VG4bxz4A6bnbdZb+olKaEp3Fz+g/pg7XS4QovGXb/f2DRpZ9cLYdnCKGdC5xaXsH3qP/kDubIjA2Ymp6vvgo/oQdwR5xGDWnzbw4oAI3jsDIHb7V4EWKdY5RcVyxTMhSu5ZJy3KQv42NRIeeugEb4CHdY45z2cjdvaaxgIQSdRW8jayVtpEnWX8uj2ml2eC3aIA+Dc6+UH4BxkdLrbgnc3kSWx9S/yVaPYBUWWXJSUUGo6w7KJJ01VRdzh0dKEvq38lIogV+Lt7TgFZjf8/U3OyN5,iv:CmdE4wyS9nFOZ/SKumwC6ZUvm/uu3rrmviToBQd4b3E=,tag:dlxH/O53sxCLcJ//gDnO4A==,type:str] web02: ENC[AES256_GCM,data:KR3sChbsD8B2OPyWgrUXsXcOZa5GgYrP819LuIQt9kmd83KIidG0AzuPbHjnpB4gLRgLzMUEGXzretmITHr8llIlFzzehLXulLsdBNT4FiyD80CjzUUxT/L1TadSWCqf8DMn581t6CwdpYaOPfrAesxD4ZJE0O/6oa6/pUG6AYAgFui56PAfUb1A04O8/hYZu5M9o+OxYeX7Ep3w3Fn0815Oe2qeILdjmIgecaKmc+rscJL8CrDanX5qYdAnzBEL0U8uWhDalVtHmgvTUcITeyjDNeVR0Zb76Xfl6HJb9HOpXS6DfPugONAEGyigte3PHd8lQbGArtR3UxVl95z2gQRcDIEHiYPnR1CHs1HEmLjCGot0jOnC9mHC/NAb6EYrnmRNxgu0elR3O6PNwf89Nu3Jq87GPlVTbggMg4bW8/d+ZnsOPUDSfB6F9HMDjKqu0qJdRt9D6VV/OfH537vw+XPgw/9Evdhb4tL5qX3FVjyxDSU1v5thnzum4mGoZI0S2EReRO/MO11orpIBeNOw4bwzPl7ftD6Emb0v,iv:qcewvFVbCppM0063eAVE2qkl348X3Pocm3dd+H/9Hko=,tag:QlXb7KkWV6tztq6kAbIhlw==,type:str] darwin01: customer: ENC[AES256_GCM,data:Ygqt1vjB9S95ME5S,iv:Rxjskp16qkiIP5+yqmQK76pGKL0Uu4qrDSOQRaQMlIU=,tag:A4aDNEWRDDnRrQr2/WwEvg==,type:str] @@ -111,8 +112,8 @@ sops: MkcvL1JyVFBJV0Y5RFFCMGN1OUFXdU0Kdx1wy6ZOOTg1a6VKaq52SMBvC26lMsW/ oMP+hmXc2WtoqZp+jZ9rrXz6cZW6/dO7CPqxl3aUEKg6BkXIwgyKeg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-12T04:10:17Z" - mac: ENC[AES256_GCM,data:MfsZWeIrvoPFXirZu/qPXLyE8Q1IEdLSBX+arQBncgcp1HFyNQHHa4VKnWYT8zbmwrdMMPxDKZLJnihQhmIICiOP19Lub0CwpAPzGhTdpOsMuMW5qoirTL1S89IcURoWoITuBafsxP5Iq2ZsIJK7CzHGK7tQTggmzfhzhjkS4j8=,iv:ea+SCt/qPrPuO8okdSvUNl6VG1rUd8MonTCb34beccE=,tag:iwVwCWjdppGrCt13jpSIRQ==,type:str] + lastmodified: "2025-01-05T23:10:24Z" + mac: ENC[AES256_GCM,data:eU+Fviv9czFkz+fGXQZSh7RlMGNhrWb+4NX7uBljU9F/gyRrMGdMmqlCHEG9spJV3ytnXHE8ByLMcnojLC9Gou3pbCjN7+X/1KP82KS05xKh6P1x4S3/uSyYl5YYSzuDxVHiT4NuCCwx5vyRUO33YLP68SZdFlFCGp0/SUgdd80=,iv:Pr/BHMNiqj88jkOMDYKtqnSnoBGSxNqEzGwNSQuPmr0=,tag:vR+XXYWnRzEIQOPHpNTndw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/sops.json b/sops.json index b5acb9b..672ebe1 100644 --- a/sops.json +++ b/sops.json @@ -11,6 +11,7 @@ "build02": "age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d", "build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq", "build04": "age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj", + "build05": "age1kmz80s96paknelzqlz59ezctl7teejdvsm5f48f2udj5sp5m6qaszuauw7", "darwin01": "age15dljvnazm0njdt7fh7drlsqnqx35766aex8zsv634zzpecu9cdgssmqv9a", "darwin02": "age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3", "web02": "age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl" diff --git a/sops.nix b/sops.nix index 7705e4c..e7a3377 100644 --- a/sops.nix +++ b/sops.nix @@ -30,6 +30,7 @@ let ]; "modules/secrets/community-builder.yaml" = [ "build01" + "build05" "darwin01" ]; "modules/secrets/hercules-ci.yaml" = [ diff --git a/terraform/cloudflare_nix-community_org.tf b/terraform/cloudflare_nix-community_org.tf index 4b578ce..77e547b 100644 --- a/terraform/cloudflare_nix-community_org.tf +++ b/terraform/cloudflare_nix-community_org.tf @@ -23,6 +23,10 @@ locals { ipv4 = "65.109.107.32" ipv6 = "2a01:4f9:3051:3962::2" } + "build05" = { + ipv4 = "65.109.82.88" + ipv6 = "2a01:4f9:3051:5066::1" + } "darwin01" = { ipv4 = "49.12.162.22" ipv6 = "2a01:4f8:d1:5716::2" @@ -38,6 +42,7 @@ locals { } cname = { + "aarch64-build-box" = "build05.nix-community.org" "alertmanager" = "web02.nix-community.org" "build-box" = "build01.nix-community.org" "buildbot" = "build03.nix-community.org"