add nebula

.gitignore

@@ -1,2 +1,3 @@
 secrets.nix
+**/*.secret
 /hosts/nio

hosts/nebula/configuration.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+        ../../common/common.nix
+        ../../common/kvm.nix
+        ./drone.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nebula";
+  time.timeZone = "Europe/Berlin";
+
+  networking.useDHCP = false;
+  networking.interfaces.ens18.useDHCP = true;
+  networking.interfaces.ens18.ipv6.addresses = [{
+    address = "2a01:4f8:c010:61dc:200::500:2";
+    prefixLength = 72;
+  }];
+
+  networking.defaultGateway6 = {
+    address = "2a01:4f8:c010:61dc:200::1";
+    interface = "ens18";
+  };
+
+  clerie.monitoring = {
+    enable = true;
+    id = "203";
+    privKeyFile = "/run/keys/wg-nebula_priv";
+    pubkey = "tfBtyAOJ5OtkTulQVI5+cY+vGd9x2l09NaL0Va7B520=";
+  };
+
+}

hosts/nebula/drone.nix

@@ -0,0 +1,80 @@
+
+{ config, pkgs, lib, ... }:
+{
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    services.nginx = {
+        enable = true;                                         
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        virtualHosts."drone.entr0py.de" = {                  
+            enableACME = true;                                    
+            forceSSL = true;                                      
+            locations."/".proxyPass = "http://localhost:2380/";
+        };
+    };
+    services.postgresql = {
+        enable = false;
+        package = pkgs.postgresql_12;
+        ensureDatabases = [ "drone" ];
+        authentication = lib.mkForce ''
+            # Generated file; do not edit!
+            # TYPE  DATABASE        USER            ADDRESS                 METHOD
+            local   all             all                                     trust
+            host    all             drone                                   trust
+        '';
+        ensureUsers = [
+        {
+            name = "drone";
+            ensurePermissions."DATABASE drone" = "ALL PRIVILEGES";
+        }
+        ];
+    };
+    users.users.drone = {
+      isNormalUser = false;
+    };
+    virtualisation.oci-containers.backend = "podman";
+    virtualisation.oci-containers.containers = {
+        drone-server = {
+            autoStart = true;
+            image = "drone/drone:latest";
+            environment = {
+                /*DRONE_DATABASE_DRIVER="postgres";
+                DRONE_DATABASE_DATASOURCE="postgresql:///drone?host=/run/postgresql";*/
+                DRONE_DATABASE_SECRET= toString ./drone_database.secret;
+                DRONE_GITEA_SERVER="https://git.entr0py.de";
+                DRONE_GITEA_CLIENT_ID="07f3c25c-4f9d-4642-afcf-c419976cfaac";
+                DRONE_GITEA_CLIENT_SECRET= toString ./gitea_client.secret;
+                DRONE_RPC_SECRET= toString ./drone_rpc.secret;
+                DRONE_SERVER_HOST="drone.entr0py.de";
+                DRONE_SERVER_PROTO="https";
+                DRONE_USER_CREATE="username:garionion,admin:true";
+            };
+            ports = [
+                "2380:80"
+            ];
+            volumes = [
+                "/var/lib/drone:/data"
+            ];
+        };
+        drone-runner-docker = {
+            autoStart = true;
+            dependsOn = [ "drone-server" ];
+            image = "drone/drone-runner-docker:1";
+            environment = {
+                DRONE_RPC_SECRET= toString ./drone_rpc.secret;
+                DRONE_RPC_PROTO="https";
+                DRONE_RPC_HOST="drone.entr0py.de";
+                DRONE_RUNNER_CAPACITY="4";
+                DRONE_RUNNER_NAME="nebula";
+            };
+            ports = [
+                "3000:3000"
+            ];
+            volumes = [
+                "/var/run/podman/podman.sock:/var/run/docker.sock"
+            ];
+        };
+    };
+}

hosts/nebula/hardware-configuration.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/442e0ed1-a194-4b7b-8c54-b247a1a4bf6f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0B65-B37A";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/179f9069-56dd-4b80-88bb-947d5ae28402"; }
+    ];
+
+}

nixops/bulldog/deployment.nix

@@ -6,4 +6,5 @@
     tailpipe = import ../../hosts/tailpipe/configuration.nix;
     dyon = import ../../hosts/dyon/configuration.nix;
     kaon = import ../../hosts/kaon/configuration.nix;
+    nebula = import ../../hosts/nebula/configuration.nix;
 }

nixops/bulldog/deployment_ip.nix

@@ -20,4 +20,7 @@
     kaon = { config, pkgs, ... }:{ 
         deployment.targetHost = "kaon.net.entr0py.de";
     };
+    nebula = { config, pkgs, ... }:{ 
+        deployment.targetHost = "nebula.net.entr0py.de";
+    };
 }