authorQuentin Dufour <quentin@deuxfleurs.fr>2022-04-21 23:00:43 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2022-04-21 23:00:43 +0200
commita9a665e437a12e8a3231bf537f7f8ef10a9b9cf4 (patch)
tree97dd5ceed3c43aac748bdd8c66c06e913862e986 /os/host_TOREWORK
parentc430d8eaf1d091ad27e842c0000b77d87d791da6 (diff)
Move files againrefactor
Diffstat (limited to 'os/host_TOREWORK')
-rw-r--r--os/host_TOREWORK/cluster/prod/cluster.nix70
-rw-r--r--os/host_TOREWORK/cluster/prod/node/celeri.nix29
l---------os/host_TOREWORK/cluster/prod/node/celeri.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/prod/node/concombre.nix29
l---------os/host_TOREWORK/cluster/prod/node/concombre.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/prod/node/courgette.nix29
l---------os/host_TOREWORK/cluster/prod/node/courgette.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/prod/site/neptune.nix9
-rw-r--r--os/host_TOREWORK/cluster/prod/ssh_config10
-rw-r--r--os/host_TOREWORK/cluster/staging/cluster.nix45
-rw-r--r--os/host_TOREWORK/cluster/staging/node/carcajou.nix27
l---------os/host_TOREWORK/cluster/staging/node/carcajou.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/staging/node/cariacou.nix27
l---------os/host_TOREWORK/cluster/staging/node/cariacou.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/staging/node/caribou.nix27
l---------os/host_TOREWORK/cluster/staging/node/caribou.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/staging/node/spoutnik.nix58
l---------os/host_TOREWORK/cluster/staging/node/spoutnik.site.nix1
-rw-r--r--os/host_TOREWORK/cluster/staging/site/neptune.nix20
-rw-r--r--os/host_TOREWORK/cluster/staging/site/pluton.nix13
-rw-r--r--os/host_TOREWORK/cluster/staging/ssh_config14
-rw-r--r--os/host_TOREWORK/configuration.nix94
22 files changed, 508 insertions, 0 deletions
diff --git a/os/host_TOREWORK/cluster/prod/cluster.nix b/os/host_TOREWORK/cluster/prod/cluster.nix
new file mode 100644
index 0000000..d131db7
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/cluster.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... } @ args:
+
+{
+ deuxfleurs.cluster_name = "prod";
+ deuxfleurs.cluster_nodes = [
+ {
+ hostname = "concombre";
+ site_name = "neptune";
+ publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34=";
+ IP = "10.42.1.31";
+ endpoint = "82.66.112.151:33731";
+ lan_endpoint = "192.168.1.31:33731";
+ }
+ {
+ hostname = "courgette";
+ site_name = "neptune";
+ publicKey = "goTkBJGmzrGDOAjUcdH9G0JekipqSMoaYQdB6IHnzi0=";
+ IP = "10.42.1.32";
+ endpoint = "82.66.112.151:33732";
+ lan_endpoint = "192.168.1.32:33732";
+ }
+ {
+ hostname = "celeri";
+ site_name = "neptune";
+ publicKey = "oZDAb8LoLW87ktUHyFFec0VaIar97bqq47mGbdVqJ0U=";
+ IP = "10.42.1.33";
+ endpoint = "82.66.112.151:33733";
+ lan_endpoint = "192.168.1.33:33733";
+ }
+ ];
+ deuxfleurs.admin_nodes = [
+ {
+ hostname = "hammerhead";
+ publicKey = "b5hF+GSTgg3oM6wnjL7jRbfyf1jtsWdVptPPbAh3Qic=";
+ IP = "10.42.0.1";
+ endpoint = "5.135.179.11:51349";
+ }
+ {
+ hostname = "robinson";
+ publicKey = "ETaZFil3mFXlJ0LaJZyWqJVLV2IZUF5PB/8M7WbQSTg=";
+ IP = "10.42.0.42";
+ endpoint = "77.141.67.109:33742";
+ }
+ {
+ hostname = "shiki";
+ publicKey = "QUiUNMk70TEQ75Ut7Uqikr5uGVSXmx8EGNkGM6tANlg=";
+ IP = "10.42.0.206";
+ endpoint = "37.187.118.206:51820";
+ }
+ {
+ hostname = "lindy";
+ publicKey = "wen9GnZy2iLT6RyHfn7ydS/wvdvow1XPmhZxIkrDbks=";
+ IP = "10.42.0.66";
+ endpoint = "82.66.112.151:33766";
+ }
+ ];
+ deuxfleurs.admin_accounts = {
+ lx = [
+ # Keys for accessing nodes from outside
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIDdVbA9fEdqSr5UJ77NnoIqDTVp8ca5kHExhZYI4ecBExFJfonJllXMBN9KdC4ukxtY8Ug47PcMOfMaTBZQc+e+KpvDWpkBt15Xpem3RCxmMBES79sLL7LgtAdBXc5mNaCX8EOEVixWKdarjvxRyf6py6the51G5muaiMpoj5fae4ZpRGjhGTPefzc7y7zRWBUUZ8pYHW774BIaK6XT9gn3hyHV+Occjl/UODXvodktk55YtnuPi8adXTYEsHrVVz8AkFhx+cr0U/U8vtQnsTrZG+JmgQLqpXVs0RDw5bE1RefEbMuYNKxutYKUe3L+ZJtDe0M0MqOFI8a4F5TxP5 katchup@konata"
+ ];
+ };
+
+ # For Garage external communication
+ networking.firewall.allowedTCPPorts = [ 3901 ];
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
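Review bot: `networking.firewall.allowedTCPPorts = [ 3901 ];` near the end of this file opens the port on every interface, and the comment above it does not say which peers need to reach it. If 3901 is Garage's inter-node RPC port and the nodes only talk to each other over the VPN addresses (10.42.1.x), scoping the rule with `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts = [ 3901 ];` would keep it off the public IPv6 addresses that the node files assign to eno1. If it really has to be reachable from outside the VPN, the comment should say so and name the expected peers, so that a later firewall review can tell the exposure is intentional.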
diff --git a/os/host_TOREWORK/cluster/prod/node/celeri.nix b/os/host_TOREWORK/cluster/prod/node/celeri.nix
new file mode 100644
index 0000000..02a33c9
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/node/celeri.nix
@@ -0,0 +1,29 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "celeri";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.33";
+
+ networking.interfaces.eno1.ipv6.addresses = [
+ {
+ address = "2a01:e0a:c:a720::33";
+ prefixLength = 64;
+ }
+ ];
+
+ deuxfleurs.vpn_ip = "10.42.1.33";
+ deuxfleurs.vpn_listen_port = 33733;
+ deuxfleurs.is_raft_server = true;
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
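Review bot: `services.netdata.enable = true;` at the end of this file repeats the setting already made in prod/cluster.nix, and the same duplicate line appears in concombre.nix and courgette.nix. Assuming the cluster and node files are evaluated together (configuration.nix imports both `./cluster.nix` and `./node.nix`), the per-node line is redundant, and keeping it means monitoring cannot be switched off for the cluster in one place. I would drop it from the three prod node files and keep the cluster-level line only.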
diff --git a/os/host_TOREWORK/cluster/prod/node/celeri.site.nix b/os/host_TOREWORK/cluster/prod/node/celeri.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/node/celeri.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/prod/node/concombre.nix b/os/host_TOREWORK/cluster/prod/node/concombre.nix
new file mode 100644
index 0000000..517dcf8
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/node/concombre.nix
@@ -0,0 +1,29 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "concombre";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.31";
+
+ networking.interfaces.eno1.ipv6.addresses = [
+ {
+ address = "2a01:e0a:c:a720::31";
+ prefixLength = 64;
+ }
+ ];
+
+ deuxfleurs.vpn_ip = "10.42.1.31";
+ deuxfleurs.vpn_listen_port = 33731;
+ deuxfleurs.is_raft_server = true;
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
diff --git a/os/host_TOREWORK/cluster/prod/node/concombre.site.nix b/os/host_TOREWORK/cluster/prod/node/concombre.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/node/concombre.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/prod/node/courgette.nix b/os/host_TOREWORK/cluster/prod/node/courgette.nix
new file mode 100644
index 0000000..d34e7a5
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/node/courgette.nix
@@ -0,0 +1,29 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "courgette";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.32";
+
+ networking.interfaces.eno1.ipv6.addresses = [
+ {
+ address = "2a01:e0a:c:a720::32";
+ prefixLength = 64;
+ }
+ ];
+
+ deuxfleurs.vpn_ip = "10.42.1.32";
+ deuxfleurs.vpn_listen_port = 33732;
+ deuxfleurs.is_raft_server = true;
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
diff --git a/os/host_TOREWORK/cluster/prod/node/courgette.site.nix b/os/host_TOREWORK/cluster/prod/node/courgette.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/node/courgette.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/prod/site/neptune.nix b/os/host_TOREWORK/cluster/prod/site/neptune.nix
new file mode 100644
index 0000000..900ddf0
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/site/neptune.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+ deuxfleurs.site_name = "neptune";
+ deuxfleurs.lan_default_gateway = "192.168.1.254";
+ deuxfleurs.lan_ip_prefix_length = 24;
+
+ networking.nameservers = [ "192.168.1.254" ];
+}
diff --git a/os/host_TOREWORK/cluster/prod/ssh_config b/os/host_TOREWORK/cluster/prod/ssh_config
new file mode 100644
index 0000000..cb4841f
--- /dev/null
+++ b/os/host_TOREWORK/cluster/prod/ssh_config
@@ -0,0 +1,10 @@
+UserKnownHostsFile ./ssh_known_hosts
+
+Host concombre
+ HostName 2a01:e0a:c:a720::31
+
+Host courgette
+ HostName 2a01:e0a:c:a720::32
+
+Host celeri
+ HostName 2a01:e0a:c:a720::33
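Review bot: `UserKnownHostsFile ./ssh_known_hosts` on the first line is a relative path, which as far as I know ssh resolves against the working directory of the invocation rather than the location of this config file. Run from any other directory, ssh would not find the pinned host keys and would fall back to prompting on first use, so host-key verification silently depends on where the command is started. Adding `StrictHostKeyChecking yes` at the top makes a missing or stale known-hosts file fail closed instead of prompting; a short comment such as `# must be run from this directory` would document the constraint. The same applies to staging/ssh_config, and no ssh_known_hosts file appears in the diffstat for this path, so it is worth confirming it was moved along with the config.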
diff --git a/os/host_TOREWORK/cluster/staging/cluster.nix b/os/host_TOREWORK/cluster/staging/cluster.nix
new file mode 100644
index 0000000..5007815
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/cluster.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... } @ args:
+
+{
+ deuxfleurs.cluster_name = "staging";
+
+ # Bootstrap nodes for Wesher overlay network
+ services.wesher.join = [
+ "2a01:e0a:c:a720::21" # cariacou
+ "2a01:e0a:c:a720::22" # carcajou
+ "2a01:e0a:c:a720::23" # caribou
+ ];
+
+ # The IP range to use for the Wesher overlay of this cluster
+ deuxfleurs.wesher_cluster_prefix = "10.14.0.0";
+ deuxfleurs.wesher_cluster_prefix_length = 16;
+
+ # Bootstrap IPs for Consul cluster,
+ # these are IPs on the Wesher overlay
+ services.consul.extraConfig.retry_join = [
+ "10.14.181.82" # caribou
+ "10.14.179.56" # cariacou
+ "10.14.252.121" # carcajou
+ ];
+
+ deuxfleurs.admin_accounts = {
+ lx = [
+ # Keys for accessing nodes from outside
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIDdVbA9fEdqSr5UJ77NnoIqDTVp8ca5kHExhZYI4ecBExFJfonJllXMBN9KdC4ukxtY8Ug47PcMOfMaTBZQc+e+KpvDWpkBt15Xpem3RCxmMBES79sLL7LgtAdBXc5mNaCX8EOEVixWKdarjvxRyf6py6the51G5muaiMpoj5fae4ZpRGjhGTPefzc7y7zRWBUUZ8pYHW774BIaK6XT9gn3hyHV+Occjl/UODXvodktk55YtnuPi8adXTYEsHrVVz8AkFhx+cr0U/U8vtQnsTrZG+JmgQLqpXVs0RDw5bE1RefEbMuYNKxutYKUe3L+ZJtDe0M0MqOFI8a4F5TxP5 katchup@konata"
+ ];
+ quentin = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1+H08FdUSvdPpPKdcafq4+JRHvFVjfvG5Id97LAoROmFRUb/ZOMTLdNuD7FqvW0Da5CPxIMr8ZxfrFLtpGyuG7qdI030iIRZPlKpBh37epZHaV+l9F4ZwJQMIBO9cuyLPXgsyvM/s7tDtrdK1k7JTf2EVvoirrjSzBaMhAnhi7//to8zvujDtgDZzy6aby75bAaDetlYPBq2brWehtrf9yDDG9WAMYJqp//scje/WmhbRR6eSdim1HaUcWk5+4ZPt8sQJcy8iWxQ4jtgjqTvMOe5v8ZPkxJNBine/ZKoJsv7FzKem00xEH7opzktaGukyEqH0VwOwKhmBiqsX2yN quentin@dufour.io"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBu+KUebaWwlugMC5fGbNhHc6IaQDAC6+1vMc4Ww7nVU1rs2nwI7L5qcWxOwNdhFaorZQZy/fJuCWdFbF61RCKGayBWPLZHGPsfqDuggYNEi1Qil1kpeCECfDQNjyMTK058ZBBhOWNMHBjlLWXUlRJDkRBBECY0vo4jRv22SvSaPUCAnkdJ9rbAp/kqb497PTIb2r1l1/ew8YdhINAlpYQFQezZVfkZdTKxt22n0QCjhupqjfh3gfNnbBX0z/iO+RvAOWRIZsjPFLC+jXl+n7cnu2cq1nvST5eHiYfXXeIgIwmeENLKqp+2Twr7PIdv22PnJkh6iR5kx7eTRxkNZdN quentin@deuxfleurs.fr"
+ ];
+ adrien = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBfVX+iQSHl3V0el3/y2Rtl9Q/nrmLoTE3oXnR+16yX7g8HvzU871q89jbE/UWvNRvO4hirTcKF8yojuq8ZRCoUcQO+6/YlPrY/2G8kFhPTlUGDQ+mLT+ancZsom4mkg3I9oQjKZ9qxMD1GuU8Ydz4eXjhJ8OGFZhBpEgnrLmdA53Y5d2fCbaZN5EYD4sWEFYN7xBLxTGNwv0gygiPs967Z4/ZfHngTvqVoS9wnQThSCIoXPTWFAJCkN8dC5tPZwnbOT1bGcYUF0VTrcaD6cU6Q1ZRrtyqXxnnyxpQCAoe2hgdIm+LnDsBx9trfPauqi0dXi36X8pLmudW1f1RmKWT adrien@bacigalupi"
+ ];
+ maximilien = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHMMR6zNzz8NQU80wFquhUCeiXJuGphjP+zNouKbn228GyESu8sfNBwnuZq86vblR11Lz8l2rtCM73GfAKg29qmUWUHRKWvRIYWv2vaUJcCdy0bAxIzcvCvjZX0SpnIKxe9y3Rp0LGO5WLYfw0ZFaavwFZP0Z8w1Kj9/zBmL2X2avbhkaYHi/C1yXhbvESYQysmqLa48EX/TS616MBrgR9zbI9AoTQ9NOHnR14Tve/AP/khcZoBJdm4hTttMbNkEc0wonzdylTDew263SPRs/uoqnQIpUtErdPHqU10Yup8HjXjEyFJsSwcZcM5sZOw5JKckKJwmcd0yjO/x/4/Mk5"
+ ];
+ kokakiwi = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPTsEgcOtb2bij+Ih8eg8ZqO7d3IMiWykv6deMzlSSS kokakiwi@kira"
+ ];
+ };
+}
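Review bot: The two `lx` keys in `deuxfleurs.admin_accounts` are copied verbatim from prod/cluster.nix, so revoking or rotating one of them means editing two files and it is easy to leave a stale key authorised on one cluster. I would move the per-person key lists into one shared file that both cluster.nix files import, and let each cluster only select which accounts it enables. While there, the `maximilien` key is the only one with no trailing comment identifying the device it belongs to, and the second `lx` key is labelled `katchup@konata`; a comment per key such as `# laptop, added 2022-xx` (placeholder date) makes later audits of this list much easier.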
diff --git a/os/host_TOREWORK/cluster/staging/node/carcajou.nix b/os/host_TOREWORK/cluster/staging/node/carcajou.nix
new file mode 100644
index 0000000..dbcc5ec
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/carcajou.nix
@@ -0,0 +1,27 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./remote-unlock.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "carcajou";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.22";
+ deuxfleurs.ipv6 = "2a01:e0a:c:a720::22";
+
+ deuxfleurs.cluster_ip = "10.14.252.121";
+ deuxfleurs.is_raft_server = true;
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
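Review bot: `imports = [ ./remote-unlock.nix ];` is resolved relative to the directory of this file, and the diffstat for this path adds no remote-unlock.nix next to it, so the import may be dangling after the move. If the deployment copies node files into a flat directory where remote-unlock.nix also lands, this still works, but that dependency is then invisible from the repository layout and should be stated in a comment above the import. The same import appears in cariacou.nix and caribou.nix. Since this module presumably controls how the encrypted disk is unlocked at boot, a failed evaluation or a silently different file would be worth catching before the next deploy.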
diff --git a/os/host_TOREWORK/cluster/staging/node/carcajou.site.nix b/os/host_TOREWORK/cluster/staging/node/carcajou.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/carcajou.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/staging/node/cariacou.nix b/os/host_TOREWORK/cluster/staging/node/cariacou.nix
new file mode 100644
index 0000000..14d1842
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/cariacou.nix
@@ -0,0 +1,27 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./remote-unlock.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "cariacou";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.21";
+ deuxfleurs.ipv6 = "2a01:e0a:c:a720::21";
+
+ deuxfleurs.cluster_ip = "10.14.179.56";
+ deuxfleurs.is_raft_server = true;
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
diff --git a/os/host_TOREWORK/cluster/staging/node/cariacou.site.nix b/os/host_TOREWORK/cluster/staging/node/cariacou.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/cariacou.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/staging/node/caribou.nix b/os/host_TOREWORK/cluster/staging/node/caribou.nix
new file mode 100644
index 0000000..3b41972
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/caribou.nix
@@ -0,0 +1,27 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./remote-unlock.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "caribou";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.23";
+ deuxfleurs.ipv6 = "2a01:e0a:c:a720::23";
+
+ deuxfleurs.cluster_ip = "10.14.181.82";
+ deuxfleurs.is_raft_server = true;
+
+ # Enable netdata monitoring
+ services.netdata.enable = true;
+}
diff --git a/os/host_TOREWORK/cluster/staging/node/caribou.site.nix b/os/host_TOREWORK/cluster/staging/node/caribou.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/caribou.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/staging/node/spoutnik.nix b/os/host_TOREWORK/cluster/staging/node/spoutnik.nix
new file mode 100644
index 0000000..060d77d
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/spoutnik.nix
@@ -0,0 +1,58 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ networking.hostName = "spoutnik";
+ services.openssh.ports = [ 220 ];
+
+ deuxfleurs.network_interface = "enp0s25";
+ deuxfleurs.lan_ip = "192.168.0.40";
+ deuxfleurs.ipv6 = "::"; #TODO
+
+ deuxfleurs.cluster_ip = "10.14.0.0";
+ deuxfleurs.is_raft_server = false; #TODO
+
+ # Nginx configuration:
+
+ services.nginx = {
+ enable = true;
+
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Add any further config to match your needs, e.g.:
+ virtualHosts = let
+ base = locations: {
+ inherit locations;
+
+ forceSSL = true;
+ enableACME = true;
+ };
+ proxy = addr: port: base {
+ "/".proxyPass = "http://" + addr + ":" + toString(port);
+ };
+ in {
+ "axl.deuxfleurs.fr" = proxy "192.168.0.60" 80;
+ "warez.luxeylab.net" = proxy "192.168.0.50" 80;
+ };
+ };
+
+
+ # ACME:
+
+ security.acme = {
+ acceptTerms = true;
+ email = "adrien@luxeylab.net";
+ };
+}
+
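Review bot: `deuxfleurs.cluster_ip = "10.14.0.0";` is the network address of the 10.14.0.0/16 Wesher prefix declared in staging/cluster.nix, and `deuxfleurs.ipv6 = "::";` is the unspecified address; both look like placeholders, but only the second carries a `#TODO`. Deploying the node with these values would give it addresses that no peer can route to, or that collide with the prefix itself, so I would either fill them in or leave the options unset until real values exist, and mark the first line with the same `# TODO` so it is not mistaken for a real assignment. The header comment and `# Add any further config to match your needs` are leftovers from the NixOS template and could be replaced with one line saying what this host does (reverse proxy with ACME for the two virtual hosts). `services.openssh.ports = [ 220 ];` also deserves a short comment explaining why this node deviates from the other staging nodes.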
diff --git a/os/host_TOREWORK/cluster/staging/node/spoutnik.site.nix b/os/host_TOREWORK/cluster/staging/node/spoutnik.site.nix
new file mode 120000
index 0000000..87c7991
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/node/spoutnik.site.nix
@@ -0,0 +1 @@
+../site/pluton.nix \ No newline at end of file
diff --git a/os/host_TOREWORK/cluster/staging/site/neptune.nix b/os/host_TOREWORK/cluster/staging/site/neptune.nix
new file mode 100644
index 0000000..38a4bab
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/site/neptune.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+ deuxfleurs.site_name = "neptune";
+ deuxfleurs.lan_default_gateway = "192.168.1.254";
+ deuxfleurs.lan_ip_prefix_length = 24;
+ deuxfleurs.ipv6_prefix_length = 64;
+
+ networking.nameservers = [ "192.168.1.254" ];
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.cron = {
+ enable = true;
+ systemCronJobs = [
+ "0 2 * * * root nix-collect-garbage --delete-older-than 10d >> /root/nix_gc_log 2>&1"
+ "30 2 1 * * root docker run --rm -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 30d >> /root/drone_nix_gc_log 2>&1"
+ ];
+ };
+}
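Review bot: The second cron entry runs `docker run ... nixpkgs/nix:nixos-21.05` as root once a month, and the image is referenced by a mutable tag, so whatever the registry serves under that tag at that moment is executed with write access to /var/lib/drone/nix. Pinning the image by digest, `nixpkgs/nix@sha256:<digest>` (placeholder, take the value from the image currently in use), makes the job reproducible and removes the registry from the trust path for this root job. Both entries append to log files under /root that are never rotated; sending the output to the journal instead would avoid unbounded growth, given that journald is already capped in configuration.nix.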
diff --git a/os/host_TOREWORK/cluster/staging/site/pluton.nix b/os/host_TOREWORK/cluster/staging/site/pluton.nix
new file mode 100644
index 0000000..9f972c0
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/site/pluton.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ networking.defaultGateway = {
+ address = "192.168.0.1";
+ interface = "enp0s25";
+ };
+ networking.nameservers = [ "213.186.33.99" "172.104.136.243" ];
+
+ deuxfleurs.site_name = "pluton";
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
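Review bot: `networking.nameservers = [ "213.186.33.99" "172.104.136.243" ];` points the site at two external resolvers without saying who operates them, whereas the neptune site files use the LAN gateway. Every lookup from this site, including the ones behind ACME issuance on spoutnik, depends on these two addresses, so a comment naming the operator of each and why it was chosen would help the next reviewer decide whether they are still trustworthy. The gateway block also hard-codes `interface = "enp0s25";`, which duplicates `deuxfleurs.network_interface` from spoutnik.nix and ties a site-level file to one node's hardware.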
diff --git a/os/host_TOREWORK/cluster/staging/ssh_config b/os/host_TOREWORK/cluster/staging/ssh_config
new file mode 100644
index 0000000..9bc4e6e
--- /dev/null
+++ b/os/host_TOREWORK/cluster/staging/ssh_config
@@ -0,0 +1,14 @@
+UserKnownHostsFile ./ssh_known_hosts
+
+Host caribou
+ HostName 2a01:e0a:c:a720::23
+
+Host carcajou
+ HostName 2a01:e0a:c:a720::22
+
+Host cariacou
+ HostName 2a01:e0a:c:a720::21
+
+Host spoutnik
+ HostName 10.42.0.2
+ Port 220
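Review bot: `HostName 10.42.0.2` for spoutnik does not match anything else in this commit: the staging overlay is 10.14.0.0/16, spoutnik.nix sets `cluster_ip = "10.14.0.0"`, and 10.42.0.x is the range used for admin nodes in prod/cluster.nix. Either the address is a leftover from an older VPN layout or the node is reached through the prod admin network, and a one-line comment above the `Host spoutnik` block should say which. As written, an admin following this config may connect to whatever host currently holds 10.42.0.2, and the relative `UserKnownHostsFile` on the first line weakens the host-key check that would otherwise catch that.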
diff --git a/os/host_TOREWORK/configuration.nix b/os/host_TOREWORK/configuration.nix
new file mode 100644
index 0000000..984307c
--- /dev/null
+++ b/os/host_TOREWORK/configuration.nix
@@ -0,0 +1,94 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... } @ args:
+
+# Configuration local for this cluster node (hostname, IP, etc)
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ # Include generic Deuxfleurs module
+ ./deuxfleurs.nix
+ # Wesher module
+ ./wesher_service.nix
+ # Configuration for this deployment (a cluster)
+ ./cluster.nix
+ # Configuration local for this Deuxfleurs site (set of nodes)
+ ./site.nix
+ # Configuration local for this cluster node (hostname, IP, etc)
+ ./node.nix
+ ];
+
+ nixpkgs.overlays = [
+ (import ./wesher.nix)
+ ];
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "sun12x22";
+ keyMap = "fr";
+ };
+
+ boot.kernel.sysctl = {
+ "vm.max_map_count" = 262144;
+ };
+
+ services.journald.extraConfig = ''
+SystemMaxUse=1G
+ '';
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ nmap
+ bind
+ inetutils
+ pciutils
+ vim
+ tmux
+ ncdu
+ iotop
+ jnettop
+ nethogs
+ wget
+ htop
+ smartmontools
+ links
+ git
+ rclone
+ docker
+ docker-compose
+ wireguard
+ wesher
+ ];
+
+ programs.vim.defaultEditor = true;
+
+ # Enable network time
+ services.ntp.enable = true;
+
+ # Enable the OpenSSH daemon and disable password login.
+ services.openssh.enable = true;
+ services.openssh.passwordAuthentication = false;
+
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+}
+
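Review bot: The OpenSSH block disables password login but leaves root login at the module default, which still allows root to log in with a key. Since admins get named accounts through `deuxfleurs.admin_accounts`, adding `services.openssh.permitRootLogin = "no";` next to `passwordAuthentication = false;` would force every session through a personal account and keep the audit trail per person; this assumes those accounts have a way to escalate, which is defined in deuxfleurs.nix outside this diff. It is also worth checking whether keyboard-interactive authentication is enabled by default on the nixpkgs release in use, because it can still offer a password prompt through PAM when `passwordAuthentication` is off. The comment `# Configuration local for this cluster node (hostname, IP, etc)` above the opening brace describes node.nix rather than this file and could be replaced with a line saying this is the base configuration shared by all nodes.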