From a2addd299726b4f54a77c3a1eb88f956ee8b476b Mon Sep 17 00:00:00 2001
From: Craige McWhirter
Date: Tue, 12 May 2020 13:57:45 +1000
Subject: [PATCH] Added support for encrypted linodes
---
 clusters/linode-common.nix | 37 +++++++++++++++++++++++++++++++++++
 clusters/linode-encrypted.nix | 11 +++++++++++
 clusters/linode.nix | 28 +-------------------------
 3 files changed, 49 insertions(+), 27 deletions(-)
 create mode 100644 clusters/linode-common.nix
 create mode 100644 clusters/linode-encrypted.nix
diff --git a/clusters/linode-common.nix b/clusters/linode-common.nix
new file mode 100644
index 0000000..6d8bff2
--- /dev/null
+++ b/clusters/linode-common.nix
@@ -0,0 +1,37 @@
+# NixOps configuration common to Linode VMs
+
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../roles/host_common.nix
+ ../roles/server_common.nix
+ ];
+
+ # Ensure the right package architecture is used
+ nixpkgs.localSystem = {
+ system = "x86_64-linux";
+ config = "x86_64-unknown-linux-gnu";
+ };
+
+ # Tools that Linode support like to have install if you need them.
+ environment.systemPackages = with pkgs; [
+ inetutils
+ mtr
+ sysstat
+ ];
+
+ # Configure firewall defaults:
+ networking = {
+ usePredictableInterfaceNames = false; # As per Linode's networking guidlines
+ domain = "mcwhirter.io";
+ interfaces.eth0.useDHCP = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ trustedInterfaces = [ "lo" ];
+ };
+ };
+
+}
diff --git a/clusters/linode-encrypted.nix b/clusters/linode-encrypted.nix
new file mode 100644
index 0000000..027d99b
--- /dev/null
+++ b/clusters/linode-encrypted.nix
@@ -0,0 +1,11 @@
+# NixOps configuration for the Linode VMs
+
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../hardware/linode_vm-encrypted.nix
+ ./linode-common.nix
+ ];
+}
diff --git a/clusters/linode.nix b/clusters/linode.nix
index 2cc1918..1be35e3 100644
--- a/clusters/linode.nix
+++ b/clusters/linode.nix
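Review bot: The `networking` block in clusters/linode-common.nix opens TCP 80 and 443 (`allowedTCPPorts = [ 80 443 ];`) on every host that imports this file, which now includes the encrypted Linodes; if any of those hosts does not serve HTTP(S), the ports would be better opened in the role that runs the web server, leaving the shared firewall default with no public ports. The block also gains `interfaces.eth0.useDHCP = true;`, which the lines removed from clusters/linode.nix did not contain, so the existing unencrypted hosts pick up a networking change that the commit subject does not mention. A short comment on that line, for example `# Linode hands out the primary address over DHCP` (if that is the reason), would record why it was added. The `# Configure firewall defaults:` comment now also heads the domain, DHCP and interface-naming settings and could read `# Network and firewall defaults:`.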
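Review bot: The header comment in clusters/linode-encrypted.nix, `# NixOps configuration for the Linode VMs`, is the same line that heads clusters/linode.nix and does not say what distinguishes this file; something like `# NixOps configuration for Linode VMs with encrypted disks` would, adjusted to what the hardware profile actually encrypts. The import `../hardware/linode_vm-encrypted.nix` is not among the three files in this patch's diffstat, so it presumably already exists in the tree; if it does not, evaluating this cluster file will fail. Nothing in this file or in linode-common.nix shows how the encrypted volume is unlocked at boot, so a one-line pointer to where that procedure is configured or documented would help whoever deploys these hosts.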
@@ -6,32 +6,6 @@
 imports =
 [
 ../hardware/linode_vm.nix
- ../roles/host_common.nix
- ../roles/server_common.nix
+ ./linode-common.nix
 ];
-
- # Ensure the right package architecture is used
- nixpkgs.localSystem = {
- system = "x86_64-linux";
- config = "x86_64-unknown-linux-gnu";
- };
-
- # Tools that Linode support like to have install if you need them.
- environment.systemPackages = with pkgs; [
- inetutils
- mtr
- sysstat
- ];
-
- # Configure firewall defaults:
- networking = {
- usePredictableInterfaceNames = false; # As per Linode's networking guidlines
- domain = "mcwhirter.io";
- firewall = {
- enable = true;
- allowedTCPPorts = [ 80 443 ];
- trustedInterfaces = [ "lo" ];
- };
- };
-
 }