Merge pull request #17 from cardano-scaling/sl/nix-deployment-arcade

refactor nix code and add test arcade qemu deployment

.gitignore

@@ -10,3 +10,4 @@ Rocket.toml
 result*
 *.sk
 *.vk
+treefmt.toml

.sops.yaml

@@ -0,0 +1,13 @@
+# This example uses YAML anchors which allows reuse of multiple keys
+# without having to repeat yourself.
+# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
+# for a more complex example.
+keys:
+  - &admin_disasm age1xls94zehkupxnvtc5krd3clm4ky28npate5n09cgmzsyjlh6actqmm89xn
+  - &hydra-arcade-test age1vfrq2nmetzquwchm752thgt8epece9ynkk7azx6ltt8wxj37cyqq8l28js
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+    - age:
+      - *admin_disasm
+      - *hydra-arcade-test

deployment/hydra-arcade-test/hardware-configuration.nix

@@ -0,0 +1,50 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "ahci" "floppy" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "tank/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "tank/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "tank/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DE79-CE7E";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a876c4fa-3523-45c1-86ae-6f1560ddd882"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

deployment/hydra-arcade-test/secrets.yaml

@@ -0,0 +1,30 @@
+wg0PrivateKey: ENC[AES256_GCM,data:fmn46/cvoXu0SULlYhihrzFd8SOhPaPocE0leLds/mnarGlH1Pinv5slyQA=,iv:bt0WIh73rz8I7ylNDgrFzNHVE1oFXu9MplvVQz8UwUo=,tag:ZekUuiybQNgCXSsceG5wyg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1xls94zehkupxnvtc5krd3clm4ky28npate5n09cgmzsyjlh6actqmm89xn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOVc0VXRmbVMzK3RhQ2tn
+            REgrZ1hCNDlvRXkwU3RpR0wzVXBZaTZuWXg4CkZiKzZzekM1bHNrMkpHbzQxaTlI
+            TjhnOStSeUFjeENqajVVcTVBZjhDNVEKLS0tIHN6Y0dqZldpU1ZtSzNLZkk3MWVN
+            em1LMVZrNGFqc2pHc2w4UnQrL0I0bncKCnLq6s0LJrrqCzhGDrC/Ut1wEHRY+5Wu
+            ds1LLuV06YrjABfkiCHx4cHr48iket0gls2U6e/uQzG/IDKpdl2jKg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1vfrq2nmetzquwchm752thgt8epece9ynkk7azx6ltt8wxj37cyqq8l28js
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZ2hHNXdwbnlKTmpCMis0
+            diticHJQUmx4cktxditldlJDdVlPZWluM1dJCjJ1VWphMnFLSDJqK3p4QjBNbXhH
+            c2w4UjhmT0NVM2NKRy9DakNScTI4M1kKLS0tIHZDbjRjVUZVRTJ5WS91Q213dnlG
+            TTF4ZG1ZY0U4RmJQbTJOYlNpUk9oVVUK3CtjQ3Y02dmmzZOqVqouAUcCGFuVZHjU
+            0VXTBVeD+ASKdobDkvYHb0LbnxsPbbO3XNEBb/kLQpw/rJpgMsIEFA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-08T07:49:46Z"
+    mac: ENC[AES256_GCM,data:Vvkjq5RKfA9tgMgEnGEpQrr2J88iELpAb8n3zjRGZnWXhsuCX4jv8WMHb+6s3+bTsk61kGpdr42g4BdNelyAaWC3PV9DTtEq77LFmbn6zZ0U4fvAAYrb8tUEkNg545hCu38M+FWscsv+yvck12qUBeOZra3aUbSqnRJsw9f2a6A=,iv:Vc+fj6Xj4YQP5XLFePJTc3K1/QJeCO//0oP6n/jNvRQ=,tag:2nXn0oOqciK5ulv4dtF27Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0