mistral: ms-sql-server

moni-dz · Sep 8, 2024 · fcb01f3 · fcb01f3
1 parent 030848b
commit fcb01f3
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 10 deletions.
diff --git a/hosts/default.nix b/hosts/default.nix
@@ -16,6 +16,16 @@
       server = true;
 
       modules = [
+        inputs.agenix.nixosModules.default
+
+        {
+          age.secrets.ms-sql-server = {
+            file = ../secrets/ms-sql-server.age;
+            owner = "moni";
+            mode = "0444";
+          };
+        }
+
         inputs.nix-minecraft.nixosModules.minecraft-servers
         ./mistral/configuration.nix
       ];

diff --git a/hosts/mistral/configuration.nix b/hosts/mistral/configuration.nix
@@ -1,6 +1,7 @@
 {
   inputs,
   modulesPath,
+  config,
   lib,
   pkgs,
   ...
@@ -30,8 +31,12 @@
   programs.fish.enable = true;
 
   networking.firewall = {
-    allowedTCPPorts = [ 4747 ];
-    allowedUDPPorts = [ 4747 ];
+    allowedTCPPorts = [
+      1433
+      4747
+    ];
+
+    interfaces.podman1.allowedUDPPorts = [ 53 ];
   };
 
   services = {
@@ -189,10 +194,36 @@
     };
   };
 
+  systemd.services.create-podman-network = with config.virtualisation.oci-containers; {
+    serviceConfig.Type = "oneshot";
+    wantedBy = [ "${backend}-ms-sql-server.service" ];
+
+    script = ''
+      ${lib.getExe pkgs.podman} network exists db-net || ${lib.getExe pkgs.podman} network create db-net
+    '';
+  };
+
   users.users.moni = {
     isNormalUser = true;
     home = "/home/moni";
     shell = pkgs.fish;
     extraGroups = [ "wheel" ];
   };
+
+  virtualisation = {
+    podman.enable = true;
+
+    oci-containers = {
+      backend = "podman";
+
+      containers.ms-sql-server = {
+        image = "mcr.microsoft.com/mssql/server:2022-latest";
+        autoStart = true;
+        ports = [ "1433:1433" ];
+        environment.ACCEPT_EULA = "Y";
+        environmentFiles = [ config.age.secrets.ms-sql-server.file ];
+        extraOptions = [ "--network=db-net" ];
+      };
+    };
+  };
 }
diff --git a/hosts/starcruiser/configuration.nix b/hosts/starcruiser/configuration.nix
@@ -189,10 +189,10 @@
       # $ sudo smbpasswd -a yourusername
 
       # This adds to the [global] section:
-      extraConfig = ''
-        browseable = yes
-        smb encrypt = required
-      '';
+      settings."global" = {
+        browseable = "yes";
+        "smb encrypt" = "required";
+      };
 
       shares = {
         homes = {

diff --git a/secrets/ms-sql-server.age b/secrets/ms-sql-server.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 KAuKJQ uNmFlnOJrSfCYukis4yKo/R0vPbtft6l7bFLL2rhEzM
+3VUCbsImDTPwORsfdV2Upwm2oxdcamCEUrScDnbUOF8
+-> ssh-ed25519 OasC+A vDF4rFXn4Ej6s58w3DIO1CcwxsLc1ea9xI5ziiSe8AY
+JIGPq4U2ekfmm6l2e9EW7oq91Vw0KvKutIaIdt/vOwQ
+-> ssh-ed25519 KAuKJQ K6HF9PlDt8n3J6cQg7FY0UYMWON1dC/XQIyrOS6WKEk
+n33slXMowtZWwmbiG/LxOx0UO6uUMglYsugMlhi2GNM
+-> ssh-ed25519 fKg5bA EPjboK4/bFjUyh/5bSJEvhkpC8nTrS7tSskDzD20Om4
+burv5DChCvC+rhkeei4n+V8Lg+fA8BEfCR8WeiuaI90
+--- 1ru76Rtfhr56aDxjc1G9y719Y662nCWVA1qgqtEF5Es
+�ő��ޫ�?[s��2ՕN**xZ�:YrZ����I�X����J|x��)�!r���<�Sr��w
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -7,17 +7,19 @@ let
   zero = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOf7dkQDloUFN1Hxn/yWrcqMaJiH/jsXUGAAtL9l92xQ";
   starcruiser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPdqIiTrGqnN6eAhRuGl9ZV2sUz/IR85T3/TzUT4Ol";
   riscake = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEeZg4xxANKadIm8hnhM/rQrl77Xwwp0tFRnnANtFgI3";
+  mistral = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDRGyDQlHPogYIt0IIwI+/1D+U3qbOHOZOyPsAN2NWt";
 
   users = [
     moni.linux
     moni.darwin
     zero
   ];
-  hosts = [
+in
+{
+  "tokens.age".publicKeys = users ++ [
     starcruiser
     riscake
   ];
-in
-{
-  "tokens.age".publicKeys = users ++ hosts;
+
+  "ms-sql-server.age".publicKeys = users ++ [ mistral ];
 }