diff --git a/flake.lock b/flake.lock
index 94342b2..4845e4e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -118,11 +118,11 @@ }, "nixpkgs-25-05": { "locked": { - "lastModified": 1752620740, - "narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=", + "lastModified": 1752866191, + "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e", + "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a", "type": "github" }, "original": {
diff --git a/nodes.nix b/nodes.nix
index 7b93ed7..c9bf2e0 100644
--- a/nodes.nix
+++ b/nodes.nix
@@ -1,4 +1,8 @@
 {
+ ####################
+ # Metz Inventory #
+ ####################
+
 bastion-mtz-lasuite-federez = {
 system = "x86_64-linux";
 ver = "25.05";
@@ -245,4 +249,236 @@
 fsType = "ext4";
 };
 };
+
+ ######################
+ # Rennes Inventory #
+ ######################
+
+ bastion-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ ./shared/bastion.nix
+ ];
+
+ ip4 = "193.54.193.176/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ db-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.177/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ dns-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.178/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ docs-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.179/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ meet-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.180/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ gris-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.181/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ mail-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.182/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ garage-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.183/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ livekit-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.184/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ backup-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.185/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ prom-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.186/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
+
+ auth-ren-lasuite-federez = {
+ system = "x86_64-linux";
+ ver = "25.05";
+ modules = [
+ # TODO
+ ];
+
+ ip4 = "193.54.193.187/24";
+ gIp4 = "193.54.193.254";
+
+ dev = "ens18";
+
+ grubDevice = "/dev/sda";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8735325b-0930-4d41-8ff9-c22d58ad05e5";
+ fsType = "ext4";
+ };
+ };
 }
\ No newline at end of file
diff --git a/shell.nix b/shell.nix
index a2ed18c..a5fb2d8 100644
--- a/shell.nix
+++ b/shell.nix
@@ -13,11 +13,61 @@ pkgs.mkShell { packages = with pkgs; [ deploy-rs nano + wireguard-tools ]; EDITOR="nano"; shellHook = '' + rungcall() { + echo "Running nix-collect-garbage -d on all nodes..." + while read ip; do + echo "==========================================" + echo "Running garbage collection on $ip" + echo "==========================================" + ssh "$ip" "sudo nix-collect-garbage -d" < /dev/null 2>&1 | \ + while IFS= read -r line; do + echo "[$ip] $line" + done + echo "" + done < <(grep -o 'ip4 = "[0-9.]*/' nodes.nix | sed 's/ip4 = "//; s/\/.*//') + } + runrebootall() { + echo "This will reboot ALL nodes in the network!" + echo "Nodes to be rebooted:" + grep -o 'ip4 = "[0-9.]*/' nodes.nix | \ + sed 's/ip4 = "//; s/\/.*//' | \ + while read ip; do + echo " - $ip" + done + echo "" + + read -p "Are you sure you want to reboot all these nodes? (yes/no): " confirm + + if [ "$confirm" = "yes" ]; then + echo "Rebooting all nodes..." + while read ip; do + echo "Rebooting $ip..." + # Calling systemctl bypass molly-guard + ssh "$ip" "sudo systemctl reboot" < /dev/null 2>&1 || echo "Yup, that failed" + done < <(grep -o 'ip4 = "[0-9.]*/' nodes.nix | sed 's/ip4 = "//; s/\/.*//') + echo "Reboot commands sent to all nodes." + else + echo "Reboot cancelled." + fi + } + getallhk() { + echo "Collecting SSH Ed25519 host keys from all nodes..." + echo "" + + while read ip; do + ssh "$ip" "cat /etc/ssh/ssh_host_ed25519_key.pub" < /dev/null 2>&1 || echo "Failed to get host key from $ip" + done < <(grep -o 'ip4 = "[0-9.]*/' nodes.nix | sed 's/ip4 = "//; s/\/.*//') + } + + export -f rungcall + export -f runrebootall + echo "Welcome to Federez-LaSuite network deploy-rs shell environment!" ''; }
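Review bot: Eleven of the new Rennes entries (`db-ren-lasuite-federez` through `auth-ren-lasuite-federez`) are added with `modules = [ # TODO ];` while already carrying addresses in 193.54.193.0/24, so the only configuration they would receive is whatever common base the flake applies, which is not visible in this hunk. If that base does not already enforce a firewall and key-only SSH, the hosts named for the database, backups and authentication would come up with no role-specific restrictions. I would either keep them out of the deployable set until their modules exist or state the intent in place, e.g. `# TODO: role module; only the shared base config applies until then`. All twelve entries also repeat the same root UUID `8735325b-0930-4d41-8ff9-c22d58ad05e5`; if that comes from a shared VM template, a comment such as `# identical UUID: every Rennes VM is cloned from one template` would distinguish it from a copy-paste slip.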
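Review bot: In `getallhk` the `2>&1` on the ssh call folds ssh's warnings and errors into the same stream as the keys, and the lines carry no host label, so a redirected output file can contain non-key text and cannot be mapped back to nodes. Keys fetched this way are only as trustworthy as the SSH session that fetched them, so they should be compared with a fingerprint read out of band before being pinned anywhere. `getallhk` is also absent from the `export -f` list, and the grep/sed pipeline over a relative `nodes.nix` is written four times; when the shell is started from another directory the loops run zero times and `runrebootall` still prints "Reboot commands sent to all nodes.", which a shared helper with a readability check avoids. Separately, `runrebootall` goes in file order, so the bastions are rebooted first; if the other nodes are reached through them (not visible here), the remaining reboots fail with only "Yup, that failed".

```nix
  shellHook = ''
    # Single source for the node list; fails loudly when nodes.nix is not in the cwd.
    _node_ips() {
      [ -r nodes.nix ] || { echo "nodes.nix not found in $PWD" >&2; return 1; }
      grep -o 'ip4 = "[0-9.]*/' nodes.nix | sed 's/ip4 = "//; s/\/.*//'
    }
    # … unchanged: rungcall, runrebootall (their loops can read from <(_node_ips)) …
    getallhk() {
      echo "Collecting SSH Ed25519 host keys from all nodes..." >&2
      while read -r ip; do
        # ssh stderr stays out of stdout so only labelled key lines are emitted
        if key=$(ssh "$ip" "cat /etc/ssh/ssh_host_ed25519_key.pub" < /dev/null 2>/dev/null); then
          echo "$ip $key"
        else
          echo "Failed to get host key from $ip" >&2
        fi
      done < <(_node_ips)
    }
    export -f _node_ips rungcall runrebootall getallhk
```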