Add host "cirrus"

2026-01-21 12:51:34 +01:00 · 2025-05-03 20:43:03 +02:00 · 2025-05-03 20:43:03 +02:00 · 01428a1383
commit 01428a1383
parent ce8d4e4208
7 changed files with 131 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,5 +1,6 @@
 keys:
  # Hosts
+  - &cirrus age1dnpwfwh0h95r63e5qfjc2gvffw2tr2tx4new7sq2h3qs90kx9fmq322mx4
  - &alto age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t
  - &fern age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e
  - &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc
@ -16,6 +17,11 @@ creation_rules:
      - age:
          - *seb-admin
          - *alto
+  - path_regex: hosts/cirrus/secrets.yaml$
+    key_groups:
+      - age:
+          - *seb-admin
+          - *cirrus
  - path_regex: hosts/fern/secrets.yaml$
    key_groups:
      - age:
--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@ -35,6 +35,7 @@ in
  flake = {
    nixosConfigurations = lib.mkMerge [
      (mkHost "alto")
+      (mkHost "cirrus")
      (mkHost "fern")
      (mkHost "north")
    ];
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@ -0,0 +1,12 @@
+_: {
+  system.stateVersion = "24.11";
+  boot.loader.grub.enable = true;
+
+  myConfig = {
+    sops.enable = true;
+    tailscale = {
+      enable = true;
+      ssh.enable = true;
+    };
+  };
+}
--- a/hosts/cirrus/disko.nix
+++ b/hosts/cirrus/disko.nix
@ -0,0 +1,36 @@
+{
+  disko.devices = {
+    disk.main = {
+      device = "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            size = "1M";
+            type = "EF02";
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg.pool = {
+      type = "lvm_vg";
+      lvs.root = {
+        size = "100%FREE";
+        content = {
+          type = "filesystem";
+          format = "ext4";
+          mountpoint = "/";
+          mountOptions = [ "defaults" ];
+        };
+      };
+    };
+  };
+}
--- a/hosts/cirrus/hardware.nix
+++ b/hosts/cirrus/hardware.nix
@ -0,0 +1,42 @@
+{ modulesPath, inputs, ... }:
+{
+  imports = [
+    inputs.disko.nixosModules.default
+    "${modulesPath}/profiles/qemu-guest.nix"
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "xhci_pci"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+
+  zramSwap.enable = true;
+
+  networking.useDHCP = false;
+  systemd.network = {
+    enable = true;
+    networks."10-enp1s0" = {
+      matchConfig.Name = "enp1s0";
+      linkConfig.RequiredForOnline = "routable";
+      networkConfig.DHCP = "no";
+      address = [
+        "91.99.70.118/32"
+        "2a01:4f8:1c1b:ffc7:1/64"
+      ];
+      routes = [
+        {
+          Gateway = "172.31.1.1";
+          GatewayOnLink = true;
+        }
+        { Gateway = "fe80::1"; }
+      ];
+    };
+  };
+  services.resolved.enable = true;
+}
--- a/hosts/cirrus/secrets.yaml
+++ b/hosts/cirrus/secrets.yaml
@ -0,0 +1,31 @@
+seb-password: ENC[AES256_GCM,data:/J83cgpBhjl6VveVZTX0ElEyexn3G3pZp6RKgfbR39QoG/5mExOk2xM999YFb5/vGaivogGQeFhwQ0j5Ij0KdaWCTXkFIQtfBw==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:QTqmyyywH0cV5rGQhPBBGg==,type:str]
+tailscale-auth-key: ENC[AES256_GCM,data:u4F4B7cxqX5S+25lsB/X3WUYJFlLrIcqA+pWABDn0j08nL6a1Vg4n94LjkWYlcLIj9Axj9UCRurgPVwNpA0=,iv:iKZzHTD00h9/vwkewo14Ox+9EMuo5GawemRVjn1gLuM=,tag:ikLoAEbMDNlRZ3PGke2OZQ==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTldDcUk1dGVRMzNmZUhw
+        bzFRYUdNM3ZQanFIbkpyc2lqeTlLNFJEVzNrCjlnK2pRSnVmUU5WeGo1VW5kVjZp
+        b1hTZFB3eVZPL2xpU0F0MlBlTVNVTE0KLS0tIGU2YlRhMG9QRi9uYkVCOFlGTVhK
+        US82UEZXeUZxT2Fub3dRenNSTGVDdnMKJlKpdZdKGGKHcvczYNnzSz6T79mlT67I
+        QxNZvBQI+rZ6bNxDu4LqbtwCqRVu1uJLdedGY1VPF3ZIwfuzewyVDA==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1dnpwfwh0h95r63e5qfjc2gvffw2tr2tx4new7sq2h3qs90kx9fmq322mx4
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc1E4VFJWUTl0Nkhjc1VL
+        amRLN3pLcVUvc1diWmhHTVdTYjd5SmxYS2hBCkpQSXFnQlVqcndtejNoL2xQQlRh
+        cG1uNlQxSUpJc0tRZHZFOVhibnFZOUUKLS0tIE84UGtkdldzM2oyTmF0Y0xPckpZ
+        aHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae
+        XeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2025-05-04T19:13:40Z"
+  mac: ENC[AES256_GCM,data:wTYrJHhjfYxeMEg64bgCI+sn4paLZ5de6eZ2md5VIv/nQkS8U8IznAq22rLp+X9WW5G1tbHlqte/7YCSFzeDOUG6/V7FBWht9QSbFnyBR3bTw5Bp98b0mTdvTWXTXSS7PNgzMhCiHyTVo1jcR+G3rfu4055PJe4wsbzk8nmNiLU=,iv:mgtXxoJT0pnC1f6bsovU1arPIl6jvqEyRS6OHT5ELQo=,tag:1FwWG4UO/KW2mcH3zBFJ9g==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.4
--- a/users/seb/@cirrus/default.nix
+++ b/users/seb/@cirrus/default.nix
@ -0,0 +1,3 @@
+_: {
+  imports = [ ../user.nix ];
+}