feat(utsuho): new host

2026-02-09 12:29:19 -08:00 · 2024-03-21 08:19:43 -07:00 · 2024-03-21 08:19:43 -07:00 · 64354376c7
commit 64354376c7
parent c37901e4d0
9 changed files with 167 additions and 4 deletions
--- a/ci/nix.nix
+++ b/ci/nix.nix
@ -8,6 +8,7 @@
      "hakurei"
      "reimu"
      "aya"
      "utsuho"
      "tei"
      "litterbox"
      "keycloak"
--- a/docs/network.adoc
+++ b/docs/network.adoc
@ -19,6 +19,7 @@ shanghai:: `10.1.1.32`
 hourai:: `10.1.1.36`
 utsuho:: `10.1.1.38`
 tei:: `10.1.1.39`
 reisen:: `10.1.1.40`
 hakurei:: `10.1.1.41`
--- a/systems/utsuho/default.nix
+++ b/systems/utsuho/default.nix
@ -0,0 +1,7 @@
 _: {
  arch = "x86_64";
  type = "NixOS";
  modules = [
    ./nixos.nix
  ];
 }
--- a/systems/utsuho/lxc.json
+++ b/systems/utsuho/lxc.json
@ -0,0 +1,21 @@
 {
 	"lxc": {
 		"lxc.mount.entry": [
 			"/rpool/shared/unifi mnt/shared/unifi none bind,optional,create=dir",
 			"/rpool/shared/postgresql mnt/shared/postgresql none bind,optional,create=dir",
 			"/dev/net/tun dev/net/tun none bind,optional,create=file"
 		],
 		"lxc.idmap": [
 			"u 0 100000 8000",
 			"g 0 100000 8000",
 			"u 8000 8000 128",
 			"g 8000 8000 256",
 			"u 8128 108128 57406",
 			"g 8256 108256 57278",
 			"u 65534 65534 1",
 			"g 65534 65534 1",
 			"u 65535 165535 1",
 			"g 65535 165535 1"
 		]
 	}
 }
--- a/systems/utsuho/nixos.nix
+++ b/systems/utsuho/nixos.nix
@ -0,0 +1,21 @@
 {meta, config, ...}: {
  imports = let
    inherit (meta) nixos;
  in [
    nixos.base
    nixos.reisen-ct
  ];
  systemd.network.networks.eth0 = {
    name = "eth0";
    matchConfig = {
      MACAddress = "BC:24:11:C4:66:A6";
      Type = "ether";
    };
    address = ["10.1.1.38/24"];
    gateway = ["10.1.1.1"];
    DHCP = "no";
  };
  system.stateVersion = "23.11";
 }
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@ -65,6 +65,15 @@ module "keycloak_system_records" {
  local_v6  = "fd0a::be24:11ff:fec4:66ac"
 }
 module "utsuho_system_records" {
  source    = "./system/records"
  name      = "utsuho"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
  local_v4  = "10.1.1.38"
  local_v6  = "fd0a::be24:11ff:fec4:66a6"
 }
 module "aya_system_records" {
  source       = "./system/records"
  name         = "aya"
--- a/tf/cloudflare_tunnels.tf
+++ b/tf/cloudflare_tunnels.tf
@ -58,6 +58,34 @@ output "cloudflare_tunnel_cname_keycloak" {
  value = module.keycloak.cname
 }
 variable "cloudflare_tunnel_secret_utsuho" {
  type      = string
  sensitive = true
 }
 module "utsuho" {
  source     = "./tunnel"
  name       = "utsuho"
  secret     = var.cloudflare_tunnel_secret_utsuho
  account_id = var.cloudflare_account_id
  zone_id    = cloudflare_zone.gensokyo-zone_zone.id
  subdomains = [
  ]
 }
 output "cloudflare_tunnel_id_utsuho" {
  value = module.utsuho.id
 }
 output "cloudflare_tunnel_token_utsuho" {
  value     = module.utsuho.token
  sensitive = true
 }
 output "cloudflare_tunnel_cname_utsuho" {
  value = module.utsuho.cname
 }
 variable "cloudflare_tunnel_secret_tewi" {
  type      = string
  sensitive = true
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@ -1,9 +1,11 @@
 variable "proxmox_container_template" {
  type    = string
-  default = "local:vztmpl/ct-20240211-nixos-system-x86_64-linux.tar.xz"
+  default = "local:vztmpl/ct-20240319-nixos-system-x86_64-linux.tar.xz"
 }
 locals {
  proxmox_utsuho_vm_id     = 108
  proxmox_utsuho_config    = jsondecode(file("${path.root}/../systems/utsuho/lxc.json"))
  proxmox_keycloak_vm_id   = 107
  proxmox_keycloak_config  = jsondecode(file("${path.root}/../systems/keycloak/lxc.json"))
  proxmox_litterbox_vm_id  = 106
@ -330,6 +332,79 @@ module "aya_config" {
  config     = local.proxmox_aya_config.lxc
 }
 resource "proxmox_virtual_environment_container" "utsuho" {
  node_name   = "reisen"
  vm_id       = local.proxmox_utsuho_vm_id
  tags        = ["tf"]
  description = <<EOT
 zoomzoom
 EOT
  memory {
    dedicated = 2048
    swap      = 4096
  }
  cpu {
    cores = 2
  }
  disk {
    datastore_id = "local-zfs"
    size         = 32
  }
  initialization {
    hostname = "utsuho"
    ip_config {
      ipv6 {
        address = "auto"
      }
      ipv4 {
        address = "10.1.1.38/24"
        gateway = "10.1.1.1"
      }
    }
  }
  startup {
    order      = 4
    up_delay   = 0
    down_delay = 2
  }
  network_interface {
    name        = "eth0"
    mac_address = "BC:24:11:C4:66:A6"
  }
  operating_system {
    template_file_id = var.proxmox_container_template
    type             = "nixos"
  }
  unprivileged = true
  features {
    nesting = true
  }
  console {
    type = "console"
  }
  started = false
  lifecycle {
    ignore_changes = [started, initialization[0].dns, operating_system[0].template_file_id]
  }
 }
 module "utsuho_config" {
  source     = "./system/proxmox/lxc/config"
  connection = local.proxmox_reisen_connection
  container  = proxmox_virtual_environment_container.utsuho
  config     = local.proxmox_utsuho_config.lxc
 }
 resource "proxmox_virtual_environment_vm" "freeipa" {
  name        = "freeipa"
  tags        = ["tf"]
--- a/tf/terraform.tfvars.sops
+++ b/tf/terraform.tfvars.sops
@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:xhV1so+M7nd5ZlBcCHDp3mIJCCshTi7Tljw2m/Fy9wWuvqOFSthm+J8q8aOm7JaReU0NlGq2aUg0SlEDF/MQ7UU36P30OkL1AdEOeAKeOL6LUfJGNIwaBNrykGTorP/uUAUwueXfGOJ6Btxu/BNa6w+L+GpKPjwTxUaLLnij06suUtDduWszEFLrbhoBiLbbI1RUoa9EbPfgKd364QIvwCR7hT+w0LPg+ArrAgsMXnWtyrWHfieCgPL1gBxfbFBUFalt5BnlPVzmML2KcJ5GLvgoMfWV+scp4m1Y/kxkm0azRBeuHPFO3g0pLZfk57fmvoedFod+e/mttaRi+KSc5kipMKrmirFUR0fjf5GFpM2oH3UsyoQp8tD/Sn85jT84k6JSDsY5XYNwqT5N1mJ08olsHvep/mZXVnmY3iPo3IkqGcI6HHxpgB57INll3lrAD1X8Lc9zYY/qgCzYsULX6lejUNprg/IP/felMGe74dRm+40/4ZbObD9aKSAhXJHUBTjite9jksTrsaCzF1EafvYPaVIW40ci6SoK1+zsA1Nvuz2GB8kGw50xVuCmJcsgR+Pv1IcfjkXXoGbikBMbcy2DNzOA6DOhrkGW2h17Cx06ZE4MgwaTcXgqA2nAF+xC9s3um8WsZiWdZLKCEfaELtrXqb8LlSeJ9aCwvNzLELAbwq3AzgTNGzR/tDhV8FYKeNa94/Uh2rdFhVZCgZZ4Wllg4P6yNmuc/meYqyw3U1VmYjiuGWLmE5x8JxvN0Ro1tEGzpXJyuGGzN5rqDxfval0JaWXaCRKN7i5yQZWJ+9hzFg95GRtb6hS7yFfTh7ZmKH8Z0rpKr0l6vPWrcdMHP+AEXtymw+degwBM88VgXuhRxtz3Yid+Bqz7MeQVQyBAJeqVWc5VHX+lpXJnPg08f6WyInEiXC4w+sUDcH7M1zAZVF7BFdfrlSabobv3rikX6rG8tvp0Cr1PdjIE8RZ4+o6OSkO3VdxuEP3O4c6xuGqbvVzKqsb4vPtLpz8mYgs8jEt5z+mVaQFJfYris+yLUE3zMcpFFKGA9pGq+60/EKtdvWpXruCmdG/XuXMN0LRkDh2Pq91oXeUkEKgFRZJYcEhf3gQ8NYt2nWdG6nhtT6PqJT/WA0Z3t/YN4fx08xc77QdV4qeD3u2wdOCHSbyctllmLO2IPtRsJGgEzxD3/sM1Zc9T0YI3JgNblMQIG3nch3V7FQ3tdIOS8i3Y46pyOlh69ncS9Ifja12DLrjlebGbAJHVuVwGzddsjZ+6TAFlgbkC3l4tpfYnKHNz7TgP8B7djwejFCqpOE8pRC800pxMDgIqwhd+zJDQvjZDcSbtrdTGh1giABCu/yauSEDi3B53Rp9xp9WOgApm0g2cdH29cPQVSlnevD5hk2lS8+DCfFtct7AAVQsIsECvMInOxMKBXQuRWhbUvatk5gJProgdWDts3w9tueChjNermhihSlf3tLyoYwNPkculWkhQmqhY4Gf3562putVkTb/di+or/VPf3l330rn9OGse//koJGZM7v2LbbxTle9LbytFJ+gKAcr9gcW9Dg2We3ZXuZUKkzCzcPt0ghvOc40g1BuziULLIClO8aKKt88BSyUwmbLE6+ZV0by17h/hYd0t4sUnYF94sff2a5Lh7Joay07J8HvV7M1uWhC/vt7ua+m5dVcrUNXzJV8iuw9W0u2V6kWiyeT3UpBdhPq6/k99gQ7+VItSJmN2GOKot8ndG5M9x+ZGY68LVxXkW8+eZUiWJAqdDHDdzPGca6Nm5WZmDtck8WjldoOaaMzijzQ+Jt41bpJiP1Yq+9s0ORR5Q6Af/4wgfAwZAaTF57soLhrCAPgv5vmx2bN0uNjEth7tikvyp7HnmHmv0eYRkuWyJkdI6nw+fqFK+Drqq/FbraYL53B6FIMpCdX9FjmNg1rO0eBxPmOHKyOU9Hzes+aBztYoqPPbcGXp8zEyN5JmjD9Xz6HB7EnYuzNMcJUEeH6eZSzBMx8+pJLbYJB11DysgdN4tYTHddKgOtTLGkD0teru+tsJBKP1i5buq+S7zWa8EVnYbbK5BR8mQK69meXRwZpTwQgHvyPUwGZjuWnLU3D9T0+QE478XsCiQWy34paGfl9hsljlHtp/KQUL2bwhtU/0Eyqy6DOqOePZV0Y58wrJpDmafP+w2raDZ9FboD8zXANWFPGh0Glo2E4=,iv:6vdvCs0371Zr1d/C6KHZkATVLFJRyyWuwtqEP8SkouU=,tag:QYh+Ufu8YIvvziHGLt/FZw==,type:str]",
+	"data": "ENC[AES256_GCM,data:iYpHoTiF+5qNkJ/ZHU37H3fqSIYgaqJnz+LVqcUhbmDpfKLngXeXV3dBqwk6ilBxVyRJ33v+ZbfeatLByk9v6JL3YmfKe/f/w+EBWEbKVy0qXb2lOHOCGMm3PFe+FP7DLb9deAWTi8S4FMGAa41xufbVIM+kOjQXwL3JH35dbgyyaqhmXknX4p800rt/T4TWo4NTfkRrR9G1/J+EaqeO0qRIJk2Vu/mqeXtbtyY13MrFCri1qw7FcvNwseFKWjzCCclfI2X+juNCxfYdXqjACmXyFMq0J3oYKHofMrts64+B4E5RjQb3j2FoCMNIAsKAGOoMEHQtWhiDEMPG3/yRIBoQ7TFFte5C6rN5O6fDTMel3q1vUHsazdrDX6nZ9HoV7H9GHlGApOqQ3AF4Zh7SMT6cN7hQ1G846o3igJ4UvX2J+q0Y8y3+Kl7JHo7axvRxEQ3h0jrj8KP8F4RpZqf07kDgfPyd2sZW1f1BMc3zHbyupWOfp7iGd2mRSdp5LRd7QCsryaX1e/P63NhqKfckScG85GEEGIsPRymeEmBLrhyUkTRr0t8I5fACdURbsRYYMVdd2Sy12DXJ8WfJQYunVJmIBkC2D8ZLy1+BGyuUpHFcOMEYmg6zHor32ghnEYVntp/XrwjOxBdeo7T8ntExbRNqAHqhFE1HT72cwCDWHt6EUtArOL4/BEzmkq43lgo1VuKrW2QjZDmFTTd8WlaAoVoZtJphY4RWkvJjjNmaGv+UiProVYFGRyg7hIHiwj+jP49WGEq5enONR6mnws3cog9pkRjH6IZrUIqcU4Aqmee1NU78KjM4G9q03/T+0P3YqP1VxGe39SBK6z7L6VQFVKU7Tl4kK4A6lWu4o1Q/HxBMFGZ/zVrx+kuPPVirHXy7F7TXFT4LghTi75Ve4ZCYdUrFvphVojS+XraUKEHWpO0urxR+4Gpd5BwBmbB+llLoOBkwbAwcdx+oi/qYm22entZsqLNi9oq6FvWc/AJIQ+Aya1ejMP1Ec2UYbIPDCR9RnGCQO4dOw3Mp+H6yByFvBWJuukvnv09mJQVLALrD35kJwdYfWPo5G14+ASDZIrvpWlm0Dk9LhWF/LPqPLvik0srtEoT+pZkLU9qE+i0bgvTXJqgYkyn/Exgi6XOy3zhVQ9zHDO/jiUa50KwxE+/g9WedfB00YRx2rndTs455K2eCUtxRJObl/eBkbyBes9bU6zIu3GuQshgt6h9UxgwK+73ofF293zKFpgHLgFATqMN/8rLH5rODxcPNY3VwTLIlmYtDo4otvKRWm0MPxBflbBun3fe6D6uoYqVJetjEypmU6XpqT89WUxah4NFpvEjXf5FTyoDPrb8O1oDGPMgbwbFh2W22z34A6T52lUg5nJzatlUPXweGY1NMGcPO8Z7Pv7yJMdcBidaxFRsLzKePkoOmUk1zW/cdtrjugURuy2958pp2CRfOQs0/XnPu+WWWwaSoWzI8ZgBMxuCWxtoJRusIHi1hfDw7T9gnvr9+TQsD4/nXeB4td1aFvggUAqsf/2Ahe7UvcJPM7nfgcymnpqwbfWHtWqkqjI4sJnKEAlxaDe2Xx/dC3eI8VWsZFJnepDSeA8TufJObK5TtYaCe+htLM5/4mCphRsb73DHdnlQ7PIG872kdrCapnA54SnDKBC8Z+t1W7LoWUTrQ752Nr3M0DRu5RfqTigyJ5zMMuOfXjVSJ1dy0xUp7Tn4JhkjpNX9DAOPMmvB19mA0lLF9hunfpT96lBf1grxo6x2oagqvg4N9a7+Bha8aQ5QtLB7maBLTOGbCI9zL0SYU+8qI+BHGZIndKSkLWc6XmcLMWyvypDC7XcjRVqFXMiYAFhPaFgPEjz31xycYYFvGa7mC0sV4OISEvdxoXE34IMfeI+Wf5wjURsWSkJ8Kub4pH3LjifX2gkWazQjsB9Ry0uLuCJbH+j9oOfrfz0xmFFVikkQSalLdWFqPg8UOJZMt/heO7w3MUE1RNXlV8k1m5d4lKTsLfcCgGF+NE3rC9oTIJgA0gTjOb/DImkE7MTFsMqJ+TesaFeYNx1Ll8T3P5zAuK+YGN2BNKOMD4oM5Qt3zfnDraL7i3ITJ39WvArjobBVKcMUg+h0uwD7NFo0up4fo7pOmy1KTYEjNZcOGKPHMZ8pli/ZM2+yiJ928Kdu7Bwe/MnmVA6xBFyjNRXcNWcDt6p6M+6NY9gr8sANVOj6Eb905ExC6XmgxOOW06K8Y81zYt+ggEna9QG1WwPpSxRQgtMlgada5DGy0ivHyrIuvSYCgtwiX3tc67ZCjQ0/7S2F7FxqQztfpO8x3FRMvr6DxCTSZmtyySClCqa+JZET5xO8bxkHGPnh/Pm97qy5085t6ablBKw==,iv:r/r8/D765tpIYa+qltuLohs/GtU3I6/P3qslXkbnCgE=,tag:ump5hDeTECGJWYkuPENAvQ==,type:str]",
 	"sops": {
 		"shamir_threshold": 1,
 		"kms": null,
@ -7,8 +7,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-03-19T01:44:48Z",
+		"lastmodified": "2024-03-21T15:14:28Z",
-		"mac": "ENC[AES256_GCM,data:c+4WUmXEs1r6C1riHHsMAwRyjf5Z58l1/f03Jc8L+komJevGpbSNTxBad3GOHnvFHB4M7ONZehlkEmaXEmTMJUN2LUs4ULU3wsRe/tD1BXs06Ktx8zuW3ym8ND/kfsu17/O5v951iZpDWWuk+ACsu4dnEDeIg27yXviUg4k3BVw=,iv:cVUlvEsXv8AAeDkw+B7aPNo+TQtNzUjO4lZHKge7pg8=,tag:WSRAk1xlVw8TaCxToAYr1g==,type:str]",
+		"mac": "ENC[AES256_GCM,data:kFloPwB/TeHMMk1VYcQkHf2wDFrUr0zcvP8u39wNcXFDWilMqzW9W+/vlpfvR3qbSWwlN7tpippwBNY+pu6/ZaA2JZP7DUczA3xpFn+BUljiX4JV/+YAz1KwZT4VA4EimAMWr90sHSMKKxp7AjqiNqhirajxjfgspBluQkKCH8Q=,iv:sY35Kef/MGwl9SrZs+pdXziQCHX27MsBaRt4q7Cb9Fg=,tag:pPWqSaZlzOro1P1fmUSVxw==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-01-14T19:49:29Z",