Add remote LUKS unlocking configuration

author: Alex Auvolat <alex@adnab.me> 2022-02-25 17:52:17 +0100
committer: Alex Auvolat <alex@adnab.me> 2022-02-25 17:52:17 +0100
commit: 6dc92812997e99e12ae5fcab3bda65f056a74edb (patch)
tree: de185f8e60062a90ac2a57243dfce2add70bd083 /cluster
parent: 20ab1f7b8a76a116644668029175100c15a615e2 (diff)
download: nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.tar.gz
nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.zip
8 files changed, 31 insertions, 54 deletions
diff --git a/cluster/prod/node/celeri.nix b/cluster/prod/node/celeri.nix
index 09de302..02a33c9 100644
--- a/cluster/prod/node/celeri.nix
+++ b/cluster/prod/node/celeri.nix
@@ -10,13 +10,9 @@
 
   networking.hostName = "celeri";
 
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.eno1.ipv4.addresses = [
-    {
-      address = "192.168.1.33";
-      prefixLength = 24;
-    }
-  ];
+  deuxfleurs.network_interface = "eno1";
+  deuxfleurs.lan_ip = "192.168.1.33";
+
   networking.interfaces.eno1.ipv6.addresses = [
     {
       address = "2a01:e0a:c:a720::33";
diff --git a/cluster/prod/node/concombre.nix b/cluster/prod/node/concombre.nix
index f06e387..517dcf8 100644
--- a/cluster/prod/node/concombre.nix
+++ b/cluster/prod/node/concombre.nix
@@ -10,13 +10,9 @@
 
   networking.hostName = "concombre";
 
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.eno1.ipv4.addresses = [
-    {
-      address = "192.168.1.31";
-      prefixLength = 24;
-    }
-  ];
+  deuxfleurs.network_interface = "eno1";
+  deuxfleurs.lan_ip = "192.168.1.31";
+
   networking.interfaces.eno1.ipv6.addresses = [
     {
       address = "2a01:e0a:c:a720::31";
diff --git a/cluster/prod/node/courgette.nix b/cluster/prod/node/courgette.nix
index e540de1..d34e7a5 100644
--- a/cluster/prod/node/courgette.nix
+++ b/cluster/prod/node/courgette.nix
@@ -10,13 +10,9 @@
 
   networking.hostName = "courgette";
 
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.eno1.ipv4.addresses = [
-    {
-      address = "192.168.1.32";
-      prefixLength = 24;
-    }
-  ];
+  deuxfleurs.network_interface = "eno1";
+  deuxfleurs.lan_ip = "192.168.1.32";
+
   networking.interfaces.eno1.ipv6.addresses = [
     {
       address = "2a01:e0a:c:a720::32";
diff --git a/cluster/prod/site/neptune.nix b/cluster/prod/site/neptune.nix
index c0eb39e..900ddf0 100644
--- a/cluster/prod/site/neptune.nix
+++ b/cluster/prod/site/neptune.nix
@@ -1,11 +1,9 @@
 { config, pkgs, ... }:
 
 {
-  networking.defaultGateway = {
-    address = "192.168.1.254";
-    interface = "eno1";
-  };
-  networking.nameservers = [ "192.168.1.254" ];
-
   deuxfleurs.site_name = "neptune";
+  deuxfleurs.lan_default_gateway = "192.168.1.254";
+  deuxfleurs.lan_ip_prefix_length = 24;
+
+  networking.nameservers = [ "192.168.1.254" ];
 }
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix
index 82cd8f9..beff6a7 100644
--- a/cluster/staging/node/carcajou.nix
+++ b/cluster/staging/node/carcajou.nix
@@ -10,13 +10,9 @@
 
   networking.hostName = "carcajou";
 
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.eno1.ipv4.addresses = [
-    {
-      address = "192.168.1.22";
-      prefixLength = 24;
-    }
-  ];
+  deuxfleurs.network_interface = "eno1";
+  deuxfleurs.lan_ip = "192.168.1.22";
+
   networking.interfaces.eno1.ipv6.addresses = [
     {
       address = "2a01:e0a:c:a720::22";
diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix
index d9dbc93..430996c 100644
--- a/cluster/staging/node/cariacou.nix
+++ b/cluster/staging/node/cariacou.nix
@@ -10,13 +10,9 @@
 
   networking.hostName = "cariacou";
 
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.eno1.ipv4.addresses = [
-    {
-      address = "192.168.1.21";
-      prefixLength = 24;
-    }
-  ];
+  deuxfleurs.network_interface = "eno1";
+  deuxfleurs.lan_ip = "192.168.1.21";
+
   networking.interfaces.eno1.ipv6.addresses = [
     {
       address = "2a01:e0a:c:a720::21";
diff --git a/cluster/staging/node/caribou.nix b/cluster/staging/node/caribou.nix
index 3be3cdc..7b785ef 100644
--- a/cluster/staging/node/caribou.nix
+++ b/cluster/staging/node/caribou.nix
@@ -3,6 +3,11 @@
 { config, pkgs, ... }:
 
 {
+  imports =
+    [
+      ./remote-unlock.nix
+    ];
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.timeout = 20;
@@ -10,13 +15,9 @@
 
   networking.hostName = "caribou";
 
-  networking.interfaces.eno1.useDHCP = false;
-  networking.interfaces.eno1.ipv4.addresses = [
-    {
-      address = "192.168.1.23";
-      prefixLength = 24;
-    }
-  ];
+  deuxfleurs.network_interface = "eno1";
+  deuxfleurs.lan_ip = "192.168.1.23";
+
   networking.interfaces.eno1.ipv6.addresses = [
     {
       address = "2a01:e0a:c:a720::23";
diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix
index ec8b052..5fed713 100644
--- a/cluster/staging/site/neptune.nix
+++ b/cluster/staging/site/neptune.nix
@@ -1,13 +1,11 @@
 { config, pkgs, ... }:
 
 {
-  networking.defaultGateway = {
-    address = "192.168.1.254";
-    interface = "eno1";
-  };
-  networking.nameservers = [ "192.168.1.254" ];
-
   deuxfleurs.site_name = "neptune";
+  deuxfleurs.lan_default_gateway = "192.168.1.254";
+  deuxfleurs.lan_ip_prefix_length = 24;
+
+  networking.nameservers = [ "192.168.1.254" ];
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
author	Alex Auvolat <alex@adnab.me>	2022-02-25 17:52:17 +0100
committer	Alex Auvolat <alex@adnab.me>	2022-02-25 17:52:17 +0100
commit	6dc92812997e99e12ae5fcab3bda65f056a74edb (patch)
tree	de185f8e60062a90ac2a57243dfce2add70bd083 /cluster
parent	20ab1f7b8a76a116644668029175100c15a615e2 (diff)
download	nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.tar.gz nixcfg-6dc92812997e99e12ae5fcab3bda65f056a74edb.zip