diff --git a/.sops.yaml b/.sops.yaml index f2dbb0f..2ca5209 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,11 +3,13 @@ keys: - &elios 0C143D8AFF5FBCD2293897658E66EDB0546158DF - &server ebdabf42731801d79db14c893639d8f0c7ff61ed - &storage1 7675e1c632a9a0644c6ab828dbcc48a5300773a8 + - &hel1 0f0c4c2f9877cb8a53efadacb90613a2af502673 creation_rules: - path_regex: secrets.enc.yml$ key_groups: - - pgp: - - *admin - - *elios - - *server - - *storage1 + - pgp: + - *admin + - *elios + - *server + - *storage1 + - *hel1 diff --git a/flake.lock b/flake.lock index a911e5b..6d11785 100644 --- a/flake.lock +++ b/flake.lock @@ -36,6 +36,24 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "owner": "nix-community", + "repo": "disko", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -70,7 +88,7 @@ }, "foundryvtt": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1726638033, @@ -151,16 +169,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1726447378, - "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", - "owner": "nixos", + "lastModified": 1732238832, + "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", + "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.05", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -182,6 +200,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1726447378, + "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1717602782, "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", @@ -199,8 +233,9 @@ "root": { "inputs": { "deploy-rs": "deploy-rs", + "disko": "disko", "foundryvtt": "foundryvtt", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix" @@ -210,7 +245,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils_2" }, diff --git a/flake.nix b/flake.nix index 97e28ff..1c6c31a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + disko.url = "github:nix-community/disko"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; @@ -14,6 +15,7 @@ self, nixpkgs, nixpkgs-unstable, + disko, deploy-rs, sops-nix, simple-nixos-mailserver, @@ -109,6 +111,29 @@ } ]; }; + hel1 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit nixpkgs inputs; + }; + + modules = [ + disko.nixosModules.disko + defaultModuleArgs + sops-nix.nixosModules.sops + simple-nixos-mailserver.nixosModule + foundryvtt.nixosModules.foundryvtt + ./profiles/hel.nix + { + sops.defaultSopsFile = ./secrets.enc.yml; + networking.hostName = "hel1"; + networking.domain = "banditlair.com"; + nix.registry.nixpkgs.flake = nixpkgs; + + system.stateVersion = "24.05"; + } + ]; + }; }; deploy.nodes = @@ -132,6 +157,10 @@ hostname = "78.46.96.243"; profiles.system = createSystemProfile self.nixosConfigurations.storage1; }; + hel1 = { + hostname = "37.27.138.62"; + profiles.system = createSystemProfile self.nixosConfigurations.hel1; + }; }; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; diff --git a/hardware/hetzner-dedicated-hel1.nix b/hardware/hetzner-dedicated-hel1.nix new file mode 100644 index 0000000..bf19b24 --- /dev/null +++ b/hardware/hetzner-dedicated-hel1.nix @@ -0,0 +1,25 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp41s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/keys/hosts/hel1.asc b/keys/hosts/hel1.asc new file mode 100644 index 0000000..93d1a7e --- /dev/null +++ b/keys/hosts/hel1.asc @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBAAAAAABEADQKmE04ZeXN65PTt5cc0YAgBeFukwhP39Ccq9ZxlCkovUMcm9q +1Gqgb1tw0hfHCUYK9D6In/qLgNQ6h0Etnesi9HUncl6GC0EE89kNOANZVLuPir0V +9Rm7zo55UUUM/qlZe1L7b19oO4qT5tIUlM1w4LfduZuyaag2RDpJxh4xBontftZn +CS6O2OI4++/6OKLkn4qtsepxPWb9M6lY/sb6w75LqyUXyjxxArrQMHpE4RQHTCEJ +iK9t+z5xpfI4WfTnIRQaCw6LxZhE9Kh/pOSVbLU6c5VdBHfCOPk6xrB3TbuUvMpR +0cRtn5q0nJQHGhL0A709UXR1fnPm7Xs4GTIf2LWXch6mcrjkTocz8qmKDuMxQzY7 +6QXy6A+rvghhOxnrZTEhLKExZxNqag72MIeippPFNbyOJgke3htHy74b9WjM1vZJ +9VRYnmhxpGz0af//GF6LZQy7gOxBasSOv5u5r//1Ow7FNf2K5xYPGYzWRIDx+abM +a+JwOyPHdZ9bR+jmB5R9VohFECFLgjm+O5Ed1LJgRX/6vYlB+8gZeeflbZpYYsSY +/EcpsUKgtOmIBJT1svdjVTDdplihdFUzWfjL+n2O30K7yniNz6dGbXhxfqOVlp9R +6ZsEdbGTX0IGpG+0ZgkUkLrgROAH1xiOYNhpXuD3l6rNXLw4HP3Mqjp3FwARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQuQYToq9QJnMCGw8CGQEAAKIEEAAl4oKgMCXYorPbOR7Lqvy6 +Qe2ooEkUAcW26NYXzu12KNVEn6fEsz7xWFvplXOI0dzkWP6fb1J/VBv178iQ2nRw +NuVtwiD78IaEINQ2BaiZQ5TJnn1Rl46vIf35YlhVdkdyzy+P0nK3rgG+X+xCv+pK +VL+V9rELxBUhcshMdRIEc64Xvwo5RW6PqRoGPJwpvYgeV4cLkgkI4k0B59iKPY0T +9euLXPrD4qFSX1BXsRI8y9yRdSJFlsc7oMnouWhjKmfTTU5vyHBhs3v9HwljZZTE +voMAMLzfLCQIQ7fyVcqbG/ofPgW9s5GLhg5IK5gdvo6N+MlJDiEVMefNR9kx5ei6 +RdbQtuWrWUMzQzFTfA0upC+IE13rVQCXgqsPfUMEeovIoSuNbU9FeNOzcZkrG+NB +3KzAP9UcSqqupfOTKSQv+LlVtn6AtBaFCw3A2vZP/XoJV6KStaTbTG1PlhcY7zsy +o1nit8mRyBM9dbLFJmsiMhDpK75uLUlD1PL7ptliisMA8snn7QLdrnrOsxhbbFTs +ilZge3p1AtCQ8uj2uAKPqmE1QhgJP7cS3Hm6mtXKJoy5njpQBY+L5GIqfeDcMtcp +ZQ11yL/7RN/mIyGOevAabpdP2ZCoODlVBmeRkUKTqES3/HT5cknSHAL9czSiOyvf +aYj2vswzlyELMoIOMmRo3Q== +=PRcK +-----END PGP PUBLIC KEY BLOCK----- diff --git a/modules/monit.nix b/modules/monit.nix index 8e6580b..f5f468d 100644 --- a/modules/monit.nix +++ b/modules/monit.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; -let cfg = config.custom.services.monit; -in { +let + cfg = config.custom.services.monit; +in +{ options.custom.services.monit = { enable = mkEnableOption "monit"; @@ -15,7 +22,6 @@ in { sops.secrets = { monitMailserverConfig = { - owner = config.services.borgbackup.jobs.data.user; key = "monit/mailserver_config"; }; }; diff --git a/profiles/hel.nix b/profiles/hel.nix new file mode 100644 index 0000000..8cb6bd7 --- /dev/null +++ b/profiles/hel.nix @@ -0,0 +1,165 @@ +{ + config, + lib, + pkgs, + pkgs-unstable, + inputs, + ... +}: +{ + imports = [ + ../environment.nix + ../hardware/hetzner-dedicated-hel1.nix + ../modules + ]; + + time.timeZone = "Europe/Amsterdam"; + + disko.devices = { + disk = { + nvme0 = { + device = "/dev/nvme0n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "root"; + }; + }; + }; + }; + }; + nvme1 = { + device = "/dev/nvme1n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "root"; + }; + }; + }; + }; + }; + sda = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "data"; + }; + }; + }; + }; + }; + sdb = { + device = "/dev/sdb"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "data"; + }; + }; + }; + }; + }; + sdc = { + device = "/dev/sdc"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "data"; + }; + }; + }; + }; + }; + sdd = { + device = "/dev/sdd"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "data"; + }; + }; + }; + }; + }; + }; + mdadm = { + root = { + type = "mdadm"; + level = 1; + content = { + type = "gpt"; + partitions.primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + data = { + type = "mdadm"; + level = 10; + content = { + type = "gpt"; + partitions.primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/nix/var/data"; + }; + }; + }; + }; + }; + }; + + custom = { + services.openssh.enable = true; + }; + +} diff --git a/secrets.enc.yml b/secrets.enc.yml index c66a48e..0160b2d 100644 --- a/secrets.enc.yml +++ b/secrets.enc.yml @@ -74,85 +74,105 @@ sops: lastmodified: "2024-09-11T18:58:46Z" mac: ENC[AES256_GCM,data:NeD6/1DBlvW9vyReJJVBb8YY8qnMPZE0pobvNNdq/0dJKQfnAEndEokqWrRCuzd8oFuMbSmb4CDMX3N6r6nypGi4MMeeBAxPqlHO8aHAZ+XSrAh0XPNmcUnTYUP/zhJA9mp2fyWWgQT4gMEQslKVHDiCd68yOrj2wOr9Nx4CW8Y=,iv:eUyv6w/hXdxGg/1y2CU/WjEivzctCKO3Yw66ToEolH0=,tag:nFh240Xx1+dtLpz9P4U6gA==,type:str] pgp: - - created_at: "2023-10-17T21:02:13Z" - enc: | + - created_at: "2024-12-05T00:56:17Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMAy9TuQ4zAbDHAQ//cPpyfr5azm4DvHUvRTagNA8/V6usl0vlnZ7CO+vCdGr8 - a0prKLhyeNKie3pt+KDyvGXJOirW0yFA5mMIw/so1OFvHo5FoM/fvIKVR57wsgDk - atO2SqK8/1IWGGT+5PG74Xb56m7TKtNIM20G11MC9WBj3xcgdSwFxRztJjsnmV5D - eCxYfbFpIbgA9adYP+flb6XBbaw8eVs9uAyCgki6eXOb7L7j0GFDVXtgXxJUUoFK - zTnqQIFmFHNTtCuTfsbkrQRDG3DKfh5lnRYrtN9KDMGZ4/o372NL0yt31Lbpwo76 - cxA+jsiVD2aPuBotMq8+ryH32totEl2bxug1CIFnwcOpbXVg3N4pVFYv2Xi/h7By - FAypkc4Zo/oygz7342dKI2NopCwEiWwsksaPuxpzTdy6MIPm8N7TG1+DesdVkveh - UM5gUtoizgYVbGaY2EQnQKg9WdyyA2aZSfiQ2wrkkr57wogVQE3SlXKU86MXIVup - L1IJ2u+ftWeJfgLmbGHxOXqvEg+CPegXGU1KhVth08+ng4NzP1wpfa4eG+OMF6xI - f/0p1mMftkBANLxEjy51tmB2dKndhT4/RcJYjQFOap2yPQzeCUNxyYxfaGqIBp4C - ONuKxh9eEh3gLO/Ns3ljru0BhZj0ERM6E9vTFf4Y9T1xxcdFs3x30OfDloQfpqzS - XgHlgyFyeex/+yT2/4ZxRAw1Vnmp3v/8PrVuiJ6PP7Y/pqBvzeIKRCA64pzFDaWy - jcX+BqVItgDS2zNnhd80u7tkCXAM6YCxjJ8eUG+mfjjnGmocDHQlUIG3urXvw1Q= - =DFju + hQIMAy9TuQ4zAbDHARAAi+7vgkuN1cykzeuKwUJtOU+Cv9wKkWAemJfKLZdjmGZs + vTG2LTZZC5uty9oimSmLGfnCi+fvBF607vGtVAr8JCXOKKmzvxesBJKTEUSlq8yx + hlB8kANVZRT7AFj3/7PfWWkXDuFv+xtE9AnHFoSUsnp85mci9wPCnCJz42/+EM7+ + iI6OeNk/N5R2vtvCcsdAEGS9zJFBO0Vs7TC0yeJSwWQbOmuFaYqYrjojMWIuVlxj + NlDl+IMkEHS2HEVO2kW0U5QqhlacFjGa0YoukFj6A/GbY+EiSIEHTkARpdp6tdvS + GwvGmfcKMAR/NPljU1vc0u3izc2P6VjywuQnTdbgNjecaIOUn+uZcqQdVJX+o9nM + dcQiLXGCIqwx2sRCjc+v3MqPzABrh5B5hPKQQw36X+ErETm6HDewfc+/RnBJu0wE + c9jglwYQK9MRFXqSp2NUjPnUzSwZdm2OIPhPyGZwZbIgPQ9Fe24cabUm0Et3q44R + UhSmpCk5yTLB1bJw9+1p6F90u4HlgB6boi5djWalg74oIFzPT7/i1y7PdNAySIJV + tcGyO3gP9qMHevjpt1RiVYnI7qVSR08JGLAitHSMGKxbzyQctB5xUp8c9Q3XNJg5 + okOgprxeXuunWEbDW2SS3vZlXfngWm6R04fK2+dXGf2RvsYta0fJdiexG2qHyhjS + XgEMLW9RcQmOy4LXssq53noxZK43rw4+T0t2Bll1GuTUU0S3G2n06Eoidaro0EX1 + ix1iBBrh9oFlNB+mGPvaLgX+Hgm8KJL/qQLNLvvAhSqBDeq3J4/hZNoQ/snJh6w= + =4gW6 -----END PGP MESSAGE----- fp: 3AC6F170F01133CE393BCD94BE948AFD7E7873BE - - created_at: "2023-10-17T21:02:13Z" - enc: | + - created_at: "2024-12-05T00:56:17Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMA5qa+llcB15aARAArAdqZxR2Ot+g0+c2BxsOeq8OTmHii23K51MSNZrNkjhB - z0DQbvGM7lf/v+T+dDIGlEZcWsP9BvMZQnKQk2Ml3ovewTZj3BG6zPmRcB2nLjyr - A9RivmVghWq12doHOiWe3oNQGc8WiOZjSVVt0JqS/1bRU45iejK/YkgcJUiNq0EB - Hm0IaEm73iCX3YkVh+UWzqMVuf/12/6VJfiEz4HN1ki9hmHNBUSRsf9+358yt4Xt - LPZEh1xEP9XU0aB13p1t2784K0qTB8Ciubga6dovoYaY3ynYHcuRN+cg/pVRIF6Y - jLFrYESxGoBz699gq3UXw/b388kwo4/ZXDD4+7/ze0IqqF+ZgMQsjKGFwOCT8xPt - bGmtmpln725ygeOU0EBENWSZwUL8KUQFyDy9hYiP09uX9gs0UBdZr1gxQKpdPBCy - TCIbtUrvPZIrJYQVwMzcuXxnlKpn88tgIgOUOfoEEodOglX5WRwGhYruvPWfmMG1 - CnHOu2OKv34nD/IttjTSuue7DNf57xmg79PQHQybOj4wsXL6rqnvlCfD4nTQ4LB/ - +PJhE4JO4NnnP5FAIu7I/SMCSuGeLzEjLQiRMhNqWxy792ErMLKxaoTef0j1l2+a - SD7hDvbyxVCj56GlPUDG8r/Jm3z9hGsve4Z2SOMx4ejka6tb9qayLlBEDVlrOSbS - XgH7GGx2qMOBAIogQwqPgt5/5sNS4h1BbnVU2JqLTU4ijjZGAIirWB8987HLl+Ki - 3wVq5nu8DKtWDWJAWNaV+8tFwKm4oAvVrjQiWrDqXVm1ktdbPjqMBsaBoxq4xEA= - =vWn1 + hQIMA5qa+llcB15aAQ/+O6rgxmaXePhf+8LKih2Cy6D3goHBIFmcmFZmXHjad2vb + 6aVkp7uwFsoWIKASe31sk1hPlIu2X2MM6OwhYL+MZA0ak0gi2+utmjIH4iNEFRWP + wH0uWvIoXI+KyXyzIHs0Y7kZlfWmm8N3yMNbqkjweI2H0vNvly4Hx1WXd/ZKtLaD + ER4z/CNmh9SMFhY+ZHLEfG6XdVdyO6gckHE4NdDntEPL6nPf1Q3daAqd6Go8St4E + M3+Kcc5tPAMKIq73Rs4RDpwC9vF8xhqq0i1zAC6LEUqvo7ocKwm3+DbWyy1bKYsJ + xgFq8Hyc/bFb8t34YO/kX6tET8OffP2W2YROUMp8VC7ImCtNs00sdBrfH3xwDuWp + CpFdWXZVOSTQ9UAKBA+z+uOP5KuA1E/7Wn33GQcQi764JhMSqIOW87WmcDQsopbr + iHOHtF6ZGoC3dc+D9nSXeCDXrsIJopjv6R5ulhlQEGCMR4/5LgihR5DzgDZDqtYU + 4IRPuCfe3Ht5hQo3b9nxIaF4rmMKgATaKXZx7Z6/tsNnvhnX7Uj+tk0XoBj9Z2j7 + f9w1RLyFqQi4hUsr5Js9BSviJOT1qK1fZmJcjEN3S3WKPQCKSV/Pety/7XuznCD8 + dRAnYrrbraKFCgxzofdihIID5eTK+lvzKYqQyyJyQRga6ejuU9S90VVPDWMUynHS + XgF4mXtEVZdezkHrmxVm6SR19FWSmg8IqjalYFcC4B10UgGO50WJawplbyWlelQL + JSLJhBpgNUCgW5lwVC5jnWEK6EsldxV5XEt/MGaB21tQszyb8sIwWmvL0j7bdQ8= + =IgVs -----END PGP MESSAGE----- fp: 0C143D8AFF5FBCD2293897658E66EDB0546158DF - - created_at: "2023-10-17T21:02:13Z" - enc: | + - created_at: "2024-12-05T00:56:17Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzY52PDH/2HtAQ/+LXLXYRm5OFWCsCePh5oPMMjBfbufF2nXAP3kD0tzxplR - X218fw//t1TO489J6LuvHMu+rYb3ovrnoCbi6gJ5fArdJotaHnvdAvEX00mr8Oqr - AA6i4PiR1Cy/JfaOtt0sw3D86AO9oj/tUyU9H5HgADnmlaEFEyhoQBh9Dptngm0c - eJtsfis4NkhQcGrJbPChfV9xKdB+uPGWnzueMMN14QaJGNEXUWF6b+o78l1yJHlo - ATWomDx/i0PsMnoZEIiEPC5e78vOlvjz99UWNDCF+h9A+n0IcW10vNomAeKHAn/+ - rCoWDm9v15Wi34c2CX2wrzQzVSspyMq1cMhnM/B/Wx/Qx0acsbeBDwtZhO/5AUo7 - 92LXdWDbIkAInc1hQlFDbIyjXBXlHswHlddRRKu8AkmWddNO3Y3b3Ry6ngYZRsye - im0GQgoeQ4pXplDNgaa8SBZGM4FeGJOsKpjz4F6KqM69/cXcU+rBSjM2PJW8u6c6 - 0dU7uLB5Dj9yBbm2OElRzSunXUUQR1be685M/6XRAP1Q4iCJeSvrrwZEiNIo+RkJ - v0kXafeP3yrKzm0bOjFaOu5fUEq0TToL9a9oaTrmphVPabQP6f8DSjbuEPEuk0ZK - b+07tLUf2AVYEu4sc7qWzSnJ7pR4sXMmsT9EGTzgn+3hbKuPoh7SzELUL7uOlxXS - WAEReljgvKK4QePcREdSW4dnonl+/oLkUrhWzGteznllkZrlEEKKQnKWhVCFMyBb - YkPWkIbC0QoUy/kt0FtCWBXS3vOYsXUn4LQMfOOF6E03ZXp22szrqjA= - =SuxA + hQIMAzY52PDH/2HtAQ/+N6pyPr8DT6/TQ8OX1eq9RdJhGyT/87TJaJ2TCUxDIS9n + eIdxIRI146RWCxSnRwpVHjt8OZgW3uiW6iaqB77SW3jYV8sW9Iigz9cNcmBxXJza + b5ERY2BxEZU9bDHFrKhxiS3aZj/v/8ICPIEPQ3nXAZ1uWwH5jUoYTjIhkcLIIk1z + e9AHOVtsTXM3jFm6XbZ4vDlwqGq/s2vvmirJvpGgAl8yvrRjnboBKHD596ql7hhy + UgsxUtm/VYthHHj+KK2PCAoWijRK8ltUmRi8Q6d2rNM1Lk55LBGQabzCSncDtf7y + rhHIhx8F95AogXLHMK/verBbWv/ooSBdjaeJ4ZOOjBbS1DNsForgk4+CpOPvt4o7 + LnKA9p8qtanGln0lLoNh5vsMS8/4GEjR6ADwuxZirLj5ql/7LGC+TU2jsLxSq1OU + P2L0AcRqyEr4iBtmE9qbs9T+IZO0Zd5gekZwvXNM7idAcUjo1wPa7Y5Fbxo9vLWU + ommS5+66Izceaq3v3ULBnXH+xH7XTMi1Q/BFRfDUVN3/LZf86NHo/Y42y7QXeUmT + IoiemJf7jVs6tZ9WdWcTdwHotF2cwMt9wR/gC02idpNfKlalTbiT2CopMkDLA3cj + MXrhhLPbfYzQTa3Q2RgXQnDPpmHCQIS1YThDvvMYFw+wsHXTK3Ro7XIMeBwAx1fS + WAHOgSXRuLq2oxWwa7mLpiPJtt20s2Jv6tti4QVsGlYQv8N/MuG1WYY0Ia5QB5MK + ObwTV2d5TQf1HzOMxJSPoQhBVIG9RfFNl05yEsEX3gilW/W1145Ccis= + =rwo0 -----END PGP MESSAGE----- fp: ebdabf42731801d79db14c893639d8f0c7ff61ed - - created_at: "2023-10-17T21:02:13Z" - enc: | + - created_at: "2024-12-05T00:56:17Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMA9vMSKUwB3OoAQ//XAnABB7d+yji4afNAb6xWS4FmwYE4meeQXE+W/lEdwA8 - NOr3JYl3CdE+U5OZxlgLi/QzqvvIDFRQJ/EAo3f+s8uc6WgZOEonA+lzakdMWjTR - 0C9J70t+S4xpLO4UtHXpo5p5HQIVEqX4e8u0J3jxK7PnHL0v+wTH8EW2UcD3K+/h - Pvs5fqFExV6fk2KDaXJ6OUqoc1Ni/mh9NhXxu5fyoKU33de8nMxnCFg6/zrOoAzq - djwKxO4KTd9ma7r2T3dHQzTZ9FpAMINJldumYv72Owy98FBYKf1//hkMAaUGVxOI - XucWbE/RUnKqxRkZ5fy/6IbNWPi6zsohmUE9UXAezknmgvjBNH13d7Wtu3nI2+iK - WsE0acjiLZyBaxoJyl7wWYNvLswEk7UoA2WI9yZ5nJXWC84r97VrBgTWY1rF9ENm - zWXucF9AEDiPRLIeI3MbtB3dzjfyXvReGOJeMf/iLfS9LzPYnigQE9PKCxLrVmXL - GFJOfs3+bLXb4Pm6Ng7Vq8vueAyXKPNIM/5Z8gEy9BWY7PLysh5fXXYOfOhan5AR - EdbabpOZaTCwD5Mme2+F2ODq1lkjZTN0UN/i7/hcFSu4SBa1H8ASodh8+o2tFOrS - 5OyHpZH7+hZJPycmF8eZPQ7ex8PkCNBS4R3tAgOPlncFS0+z+pXamdYU2m6I08PS - WAHG7VKUmZeobTKEOqAsk7vZunRz23ddey4ftMDUHWbV0LlIsiQ9sEmmY3ECjdwZ - SoiEFF2Q1lWCJLfny4XliJk2fZd5fl/gF966O0O5Tc8/NIGx0yFo/rk= - =skdX + hQIMA9vMSKUwB3OoARAAg5AjFBPNqO6vD57hZys+Q2px1RDEqbEYdBg1RjuYNrdQ + MuWpxpljglxeFC38Bk+yjCT3rBHfJ+5bYLOb7Wre5dri6QZS4gEqFHfn//rehCyM + 5PX0lbjfxq/Bbcdrh6MWbddqv8ntA3dB2fJKJk5EORjuQIN4PgwJRasciVcQMtED + uCrTUkARTz0VNwEHXN87c/etl9nE7Jdba7mdPAIL0QjOOivg2qdZwM+PK8R1/k3Z + 2nCJQ6tzZl6GTESA/NMSq+TOWz8rOzqLm0VYvf6tsVRXaoK/nN/kuwZwwequqlD/ + o75BpXfapz7KizPVb4wk/qvOXVKsYCWSAsg110g0lPo4ucF3F4+qAsC3Pyoutg5X + zxzetAamSTZHdPE8PSc+14ZaGL3wHtTIYaVjhYmFrwSSJAQiqYx5QnhiVxn8SchR + 9d4MA8tNaGkMbMeO3RN58GcVZ/IdMbE/00NFKp2bMmzCNVvBRy1KpntvPyJJzdXx + tNCZias1wr+iQL/OteNzFu8zylx+ThEe+gJ3eQqKhijxjNZKkUpxNFSvN22TP49l + Zt7pUJGBTohXktZx6cXXm3+G9PAA7jcCwJcRRNTRynu5IlCMhjs86JYck4TjWs/i + 7WSSH5WmXJ4kvp9dOgKziDVfEYDaSgvQblA/VePpA7oAVs6Z+B+mAz4hBtEGq+XS + WAGeIpfiBk+wttj4Zncd2Z8oImYRfObO6yWICmWy8QniZ7eUzp+kvbYxQKLQ8MxS + tcQRDJMGzpSG2xTib8dd0tzXdkNTaDQDCVKMh0luWN6c0817Ifl9m94= + =sY/S -----END PGP MESSAGE----- fp: 7675e1c632a9a0644c6ab828dbcc48a5300773a8 + - created_at: "2024-12-05T00:56:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQILA7kGE6KvUCZzAQ/2OzBwKKR2gK/xglvZ+ATqnZFDN6spJpeR8M8lq//1kFdb + cC/Lh4Pg9uFgQc0pfCbImbn+JC15Zs63cIlAt+BqUAZASLIE2rEuSjU6vyJbrDo4 + 7b4giDThXkM8bMwtxyyfwM9MczNJSv64qlxG4DFI/akylu/arhyicDyvGNr+r0CS + i2/vG6/7fimDpm3EaXUWAMtPVeZgWEp6u89/WsL8G4YbB77GMn9sm3cEKiSGftfq + 5tOu+wZ3rmuLn0pspCkZk0IdARmI59Oi28u5ACm8x6ouH8HNtAVmwqG3sETMxZvs + G2MUsve4EUXg0taOXu2CNWM+YD63r8gg/T36f8SRTd6cEZEQ9rWRW3iJ2ZTMhm5n + AHkZvtmD+fzBLkJ9tCjXsvBoh+k2c/zbe85ZmI4x6VPIHK9E1sgLTer6/6fsqFBZ + V3tRN+gysiWrWFzNG4TVD/nH3ITamJ3NcTQsxtigRaIb8vRe2fj4mXGEony0Tqyx + tX2cEmp2Oeqz6HRnja/Oy9j+2R2INgIRrkWsfp3Zj+8XCFIG+2S4vHY8guORNj72 + NnZESb8HpMONSUraKtb5DrOPTzJFczR4XXcZEC9qQ2PQJbGCdo1NNNqULJoL5DDg + Z4PCew4EdoLFPYw13IBZKiqA6fTGMXs5UnIt4KDIso3H2WyAM2oAIg1Z0NLW6tJY + AasCqH6ZXIr6tKWdUMpZESYtmHIOQjWd4fhPzmEJDKbN+nY1aiHXstOgom0K7Qhi + LcW3woj9hLmwBpkdUrX3JYmrqTME35d9Y47TRMqjI/iEoPUO4+/jsw== + =iXDv + -----END PGP MESSAGE----- + fp: 0f0c4c2f9877cb8a53efadacb90613a2af502673 unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/terraform/dns.tf b/terraform/dns.tf index bb4c5d4..7b77b2b 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -2,6 +2,7 @@ locals { dmarc_value = "\"v=DMARC1; p=none; rua=mailto:failed-dmarc@banditlair.com; ruf=mailto:dmarc@banditlair.com\"" storage1_ip = "78.46.96.243" storage1_ipv6 = "2a01:4f8:120:8233::1" + hel1_ip = "37.27.138.62" } data "hetznerdns_zone" "banditlair_zone" { @@ -60,6 +61,14 @@ resource "hetznerdns_record" "storage1_a" { ttl = 600 } +resource "hetznerdns_record" "hel1_a" { + zone_id = data.hetznerdns_zone.banditlair_zone.id + name = "hel1" + value = local.hel1_ip + type = "A" + ttl = 600 +} + resource "hetznerdns_record" "grafana_a" { zone_id = data.hetznerdns_zone.banditlair_zone.id name = "grafana"