From c59e40f1f850602e597161f485888e73fd05fc24 Mon Sep 17 00:00:00 2001 From: moni Date: Sun, 8 Sep 2024 22:31:39 +0800 Subject: [PATCH] mistral: ms-sql-server --- hosts/default.nix | 10 ++++++++ hosts/mistral/configuration.nix | 39 +++++++++++++++++++++++++++-- hosts/starcruiser/configuration.nix | 8 +++--- secrets/ms-sql-server.age | 11 ++++++++ secrets/secrets.nix | 10 +++++--- 5 files changed, 68 insertions(+), 10 deletions(-) create mode 100644 secrets/ms-sql-server.age diff --git a/hosts/default.nix b/hosts/default.nix index 38041bf..da2923b 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -16,6 +16,16 @@ server = true; modules = [ + inputs.agenix.nixosModules.default + + { + age.secrets.ms-sql-server = { + file = ../secrets/ms-sql-server.age; + owner = "moni"; + mode = "0444"; + }; + } + inputs.nix-minecraft.nixosModules.minecraft-servers ./mistral/configuration.nix ]; diff --git a/hosts/mistral/configuration.nix b/hosts/mistral/configuration.nix index e384b90..3a05c92 100644 --- a/hosts/mistral/configuration.nix +++ b/hosts/mistral/configuration.nix @@ -1,6 +1,7 @@ { inputs, modulesPath, + config, lib, pkgs, ... @@ -30,8 +31,12 @@ programs.fish.enable = true; networking.firewall = { - allowedTCPPorts = [ 4747 ]; - allowedUDPPorts = [ 4747 ]; + allowedTCPPorts = [ + 1433 + 4747 + ]; + + interfaces.podman1.allowedUDPPorts = [ 53 ]; }; services = { 
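Review bot: `mode = "0444"` on the new `age.secrets.ms-sql-server` entry in hosts/default.nix makes the decrypted SA password readable by every local user and process on mistral, not only `moni`. A secret file should normally be owner-only, `mode = "0400";`, with `owner` set to whatever actually reads it. The wide mode is presumably there because `hosts/mistral/configuration.nix` consumes the file with `__readFile` at evaluation time; if that consumer is moved to runtime (the container's `environmentFiles` option), nothing needs world read access and the mode can be tightened.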
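Review bot: `allowedTCPPorts = [ 1433 4747 ]` in the networking.firewall hunk opens the SQL Server port on every interface of mistral, so the instance (published with `ports = [ "1433:1433" ]` in the later hunk) is reachable from wherever the host is, with only the `sa` password in front of it. If only local or LAN clients need it, scope the rule the way the new podman1 line already does, e.g. `interfaces.<lan-iface>.allowedTCPPorts = [ 1433 ];` (`<lan-iface>` being the host's LAN interface), or publish as `"127.0.0.1:1433:1433"` and drop the firewall entry. The hunk also removes `allowedUDPPorts = [ 4747 ]` while keeping TCP 4747; if anything on this host (the Minecraft module, say) used UDP 4747 that is a silent regression, so it is worth confirming the removal was intentional.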
@@ -189,10 +194,40 @@ }; }; + systemd.services.create-podman-network = with config.virtualisation.oci-containers; { + serviceConfig.Type = "oneshot"; + wantedBy = [ "${backend}-ms-sql-server.service" ]; + + script = '' + ${lib.getExe pkgs.podman} network exists db-net || ${lib.getExe pkgs.podman} network create db-net + ''; + }; + users.users.moni = { isNormalUser = true; home = "/home/moni"; shell = pkgs.fish; extraGroups = [ "wheel" ]; }; + + virtualisation = { + podman.enable = true; + + oci-containers = { + backend = "podman"; + + containers.ms-sql-server = { + image = "mcr.microsoft.com/mssql/server:2022-latest"; + autoStart = true; + ports = [ "1433:1433" ]; + + environment = { + ACCEPT_EULA = "Y"; + MSSQL_SA_PASSWORD = __readFile config.age.secrets.ms-sql-server.path; # yes, this is bad but I don't have much choice... + }; + + extraOptions = [ "--network=db-net" ]; + }; + }; + }; } diff --git a/hosts/starcruiser/configuration.nix b/hosts/starcruiser/configuration.nix index c0461eb..d8bf0fd 100644 --- a/hosts/starcruiser/configuration.nix +++ b/hosts/starcruiser/configuration.nix @@ -189,10 +189,10 @@ # $ sudo smbpasswd -a yourusername # This adds to the [global] section: - extraConfig = '' - browseable = yes - smb encrypt = required - ''; + settings."global" = { + browseable = "yes"; + "smb encrypt" = "required"; + }; shares = { homes = { diff --git a/secrets/ms-sql-server.age b/secrets/ms-sql-server.age new file mode 100644 index 0000000..af30081 --- /dev/null +++ b/secrets/ms-sql-server.age 
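Review bot: `MSSQL_SA_PASSWORD = __readFile config.age.secrets.ms-sql-server.path` reads the secret at evaluation time, so the plaintext SA password is baked into the generated `${backend}-ms-sql-server` unit in the world-readable Nix store (and likely visible in the podman process arguments), which defeats encrypting it with agenix. The oci-containers module can inject it at runtime instead: keep `environment.ACCEPT_EULA = "Y";`, add `environmentFiles = [ config.age.secrets.ms-sql-server.path ];`, and make the age file's content `MSSQL_SA_PASSWORD=<value>` rather than the bare password. Separately, `systemd.services.create-podman-network` only sets `wantedBy`, which pulls the unit in but does not order it before the container, so the first start can race the `--network=db-net` lookup; add `before = [ "${backend}-ms-sql-server.service" ];` and `serviceConfig.RemainAfterExit = true;` so the oneshot is considered active once the network exists.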
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 KAuKJQ S+5Cj+apibo8urg+BwImZ7bMuiBTcCbU2vwvfiuTKRc +17qaL3XbwmwOEsLyLczHUbqfp+bUCCFXFdgtVHjnLAg +-> ssh-ed25519 OasC+A V0wHZeDlGzNTmY+iZGIFCV5K+X+mi8ZxKkRpMfXFjxM +k6J55lXiYpHcyHQ43T/KmRfvzY6zIRSTqO6nQ0hod7E +-> ssh-ed25519 KAuKJQ fgPfr0ybokgSxQeSdg7NHpyUeWWKAPd+6qgKbn5dBgM +o7Mgc3RFaZ+nZd5HOY/FbPvr6+dCEcZ00kYJsg5vZOY +-> ssh-ed25519 fKg5bA DGsDYH+PY/kIE1P83uM/OratFSgBKg2owSccnxFdpl8 +SiGp65d0h1Hz9M5FshGSKiDcW9aEKbT0yuSv6LIBen8 +--- R0a2WytYTgh3SKesag1I1FSa2vhdVgdP8pzusQG8f00 +T³à™)ZÝAgÏŸÄ_øŒ–þ[ƒÝÿq«ÿäQ­ö«§<š+hõ4K \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7d58726..600bb7e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,17 +7,19 @@ let zero = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOf7dkQDloUFN1Hxn/yWrcqMaJiH/jsXUGAAtL9l92xQ"; starcruiser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPdqIiTrGqnN6eAhRuGl9ZV2sUz/IR85T3/TzUT4Ol"; riscake = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEeZg4xxANKadIm8hnhM/rQrl77Xwwp0tFRnnANtFgI3"; + mistral = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDRGyDQlHPogYIt0IIwI+/1D+U3qbOHOZOyPsAN2NWt"; users = [ moni.linux moni.darwin zero ]; - hosts = [ +in +{ + "tokens.age".publicKeys = users ++ [ starcruiser riscake ]; -in -{ - "tokens.age".publicKeys = users ++ hosts; + + "ms-sql-server.age".publicKeys = users ++ [ mistral ]; }