feat(ops): add nixery-01 instance for hosting nixery.dev r/6635

Change-Id: Ida21ac7240a532bb6063b362155f2b14b2859aae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9426
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>

2 files changed, 33 insertions, 1 deletions

diff --git a/ops/machines/nixery-01/default.nix b/ops/machines/nixery-01/default.nix
new file mode 100644
index 000000000000..c7c8fd4b5ed9
--- /dev/null
+++ b/ops/machines/nixery-01/default.nix
@@ -0,0 +1,31 @@
+# nixery.dev backing host in ru-central1-b
+{ depot, lib, pkgs, ... }: # readTree options
+{ config, ... }: # passed by module system
+
+let
+  mod = name: depot.path.origSrc + ("/ops/modules/" + name);
+in
+{
+  imports = [
+    (mod "known-hosts.nix")
+    (mod "nixery.nix")
+    (mod "tvl-users.nix")
+    (mod "www/nixery.dev.nix")
+    (mod "yandex-cloud.nix")
+
+    (depot.third_party.agenix.src + "/modules/age.nix")
+  ];
+
+  networking = {
+    hostName = "nixery-01";
+    domain = "tvl.fyi";
+    firewall.allowedTCPPorts = [ 22 80 443 ];
+  };
+
+  security.sudo.extraRules = lib.singleton {
+    groups = [ "wheel" ];
+    commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
+  };
+
+  services.depot.nixery.enable = true;
+}
diff --git a/ops/nixos.nix b/ops/nixos.nix
index 309f12297744..147a016efc00 100644
--- a/ops/nixos.nix
+++ b/ops/nixos.nix
@@ -59,5 +59,6 @@ in rec {
   # Systems that should be built in CI
   whitbySystem = (nixosFor depot.ops.machines.whitby).system;
   sandunySystem = (nixosFor depot.ops.machines.sanduny).system;
-  meta.ci.targets = [ "sandunySystem" "whitbySystem" ];
+  nixeryDev01System = (nixosFor depot.ops.machines.nixery-01).system;
+  meta.ci.targets = [ "sandunySystem" "whitbySystem" "nixeryDev01System" ];
 }