From 2d9ca2a73f39fa2ffa0778a04466da14254006a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Tue, 10 Feb 2026 21:53:29 +0100 Subject: [PATCH] hosts: add nix-cache02 build host New build host to replace nix-cache01 with: - 8 CPU cores, 16GB RAM, 200GB disk - Static IP 10.69.13.25 Co-Authored-By: Claude Opus 4.5 --- flake.nix | 9 ++++ hosts/nix-cache02/configuration.nix | 72 +++++++++++++++++++++++++++++ hosts/nix-cache02/default.nix | 5 ++ terraform/vault/hosts-generated.tf | 6 +++ terraform/vms.tf | 7 +++ 5 files changed, 99 insertions(+) create mode 100644 hosts/nix-cache02/configuration.nix create mode 100644 hosts/nix-cache02/default.nix
diff --git a/flake.nix b/flake.nix
index 74f9eec..e60a915 100644
--- a/flake.nix
+++ b/flake.nix
@@ -200,6 +200,15 @@
 ./hosts/monitoring02
 ];
 };
+ nix-cache02 = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit inputs self;
+ };
+ modules = commonModules ++ [
+ ./hosts/nix-cache02
+ ];
+ };
 };
 packages = forAllSystems (
 { pkgs }:
diff --git a/hosts/nix-cache02/configuration.nix b/hosts/nix-cache02/configuration.nix
new file mode 100644
index 0000000..a4c0de9
--- /dev/null
+++ b/hosts/nix-cache02/configuration.nix
@@ -0,0 +1,72 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ../template2/hardware-configuration.nix
+
+ ../../system
+ ../../common/vm
+ ];
+
+ # Host metadata (adjust as needed)
+ homelab.host = {
+ tier = "test"; # Start in test tier, move to prod after validation
+ };
+
+ # Enable Vault integration
+ vault.enable = true;
+
+ # Enable remote deployment via NATS
+ homelab.deploy.enable = true;
+
+ nixpkgs.config.allowUnfree = true;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+
+ networking.hostName = "nix-cache02";
+ networking.domain = "home.2rjus.net";
+ networking.useNetworkd = true;
+ networking.useDHCP = false;
+ services.resolved.enable = true;
+ networking.nameservers = [
+ "10.69.13.5"
+ "10.69.13.6"
+ ];
+
+ systemd.network.enable = true;
+ systemd.network.networks."ens18" = {
+ matchConfig.Name = "ens18";
+ address = [
+ "10.69.13.25/24"
+ ];
+ routes = [
+ { Gateway = "10.69.13.1"; }
+ ];
+ linkConfig.RequiredForOnline = "routable";
+ };
+ time.timeZone = "Europe/Oslo";
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ nix.settings.tarball-ttl = 0;
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ ];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ system.stateVersion = "25.11"; # Did you read the comment?
+}
\ No newline at end of file
diff --git a/hosts/nix-cache02/default.nix b/hosts/nix-cache02/default.nix
new file mode 100644
index 0000000..57ed4b4
--- /dev/null
+++ b/hosts/nix-cache02/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+ imports = [
+ ./configuration.nix
+ ];
+}
\ No newline at end of file
diff --git a/terraform/vault/hosts-generated.tf b/terraform/vault/hosts-generated.tf
index 9a11286..96c048c 100644
--- a/terraform/vault/hosts-generated.tf
+++ b/terraform/vault/hosts-generated.tf
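Review bot: `networking.firewall.enable = false;` near the end of hosts/nix-cache02/configuration.nix leaves every listening port on 10.69.13.25 open to anything that can route to it, on a host that also sets `vault.enable` and `homelab.deploy.enable`. The commented template lines just above it already show the alternative: keep the filter on and allow only what this host serves, i.e. `networking.firewall.enable = true;` with `networking.firewall.allowedTCPPorts = [ /* ports this host serves */ ];`. If the firewall is off on purpose because filtering happens elsewhere, replace the leftover template comment with one that says so, since the line currently reads as unedited boilerplate.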
@@ -33,6 +33,12 @@ locals {
 "secret/data/shared/homelab-deploy/*",
 ]
 }
+ "nix-cache02" = {
+ paths = [
+ "secret/data/hosts/nix-cache02/*",
+ ]
+ }
+
 }

 # Placeholder secrets - user should add actual secrets manually or via tofu
diff --git a/terraform/vms.tf b/terraform/vms.tf
index 532d44b..e738935 100644
--- a/terraform/vms.tf
+++ b/terraform/vms.tf
@@ -86,6 +86,13 @@ locals {
 disk_size = "60G"
 vault_wrapped_token = "s.uXpdoGxHXpWvTsGbHkZuq1jF"
 }
+ "nix-cache02" = {
+ ip = "10.69.13.25/24"
+ cpu_cores = 8
+ memory = 16384
+ disk_size = "200G"
+ vault_wrapped_token = "s.C5EuHFyULACEqZgsLqMC3cJB"
+ }
 }

 # Compute VM configurations with defaults applied
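Review bot: The new `"nix-cache02"` entry in terraform/vms.tf commits `vault_wrapped_token` as a string literal, so a Vault credential now lives in the repository history and in any plan or state output that renders this local. A wrapped token is normally single-use and short-lived, but until it is unwrapped or expires, read access to the repository is enough to obtain what it wraps, and a failed unwrap at first boot would be the only sign that this happened. Supply the value from outside the tree instead, for example `vault_wrapped_token = var.vault_wrapped_tokens["nix-cache02"]` (variable name illustrative) with the variable declared `sensitive = true`, and reissue this token if it has not been consumed yet. The context line above shows the same literal pattern for the preceding host, and the `locals` block starts and ends outside the hunk.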