SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add host "cirrus"

Browse source
This commit is contained in:
SebastianStork 2025-05-03 20:43:03 +02:00
parent ce8d4e4208
commit 01428a1383
7 changed files with 131 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -1,5 +1,6 @@
keys: keys:
# Hosts # Hosts
- &cirrus age1dnpwfwh0h95r63e5qfjc2gvffw2tr2tx4new7sq2h3qs90kx9fmq322mx4
- &alto age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t - &alto age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t
- &fern age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e - &fern age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e
- &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc - &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc
@ -16,6 +17,11 @@ creation_rules:
- age: - age:
- *seb-admin - *seb-admin
- *alto - *alto
- path_regex: hosts/cirrus/secrets.yaml$
key_groups:
- age:
- *seb-admin
- *cirrus
- path_regex: hosts/fern/secrets.yaml$ - path_regex: hosts/fern/secrets.yaml$
key_groups: key_groups:
- age: - age:

1
flake/hosts.nix
View file

@ -35,6 +35,7 @@ in
flake = { flake = {
nixosConfigurations = lib.mkMerge [ nixosConfigurations = lib.mkMerge [
(mkHost "alto") (mkHost "alto")
(mkHost "cirrus")
(mkHost "fern") (mkHost "fern")
(mkHost "north") (mkHost "north")
]; ];

12
hosts/cirrus/default.nix Normal file
View file

@ -0,0 +1,12 @@
_: {
system.stateVersion = "24.11";
boot.loader.grub.enable = true;
myConfig = {
sops.enable = true;
tailscale = {
enable = true;
ssh.enable = true;
};
};
}

36
hosts/cirrus/disko.nix Normal file
View file

@ -0,0 +1,36 @@
{
disko.devices = {
disk.main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg.pool = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
}

42
hosts/cirrus/hardware.nix Normal file
View file

@ -0,0 +1,42 @@
{ modulesPath, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.default
"${modulesPath}/profiles/qemu-guest.nix"
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "no";
address = [
"91.99.70.118/32"
"2a01:4f8:1c1b:ffc7:1/64"
];
routes = [
{
Gateway = "172.31.1.1";
GatewayOnLink = true;
}
{ Gateway = "fe80::1"; }
];
};
};
services.resolved.enable = true;
}

31
hosts/cirrus/secrets.yaml Normal file
View file

@ -0,0 +1,31 @@
seb-password: ENC[AES256_GCM,data:/J83cgpBhjl6VveVZTX0ElEyexn3G3pZp6RKgfbR39QoG/5mExOk2xM999YFb5/vGaivogGQeFhwQ0j5Ij0KdaWCTXkFIQtfBw==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:QTqmyyywH0cV5rGQhPBBGg==,type:str]
tailscale-auth-key: ENC[AES256_GCM,data:u4F4B7cxqX5S+25lsB/X3WUYJFlLrIcqA+pWABDn0j08nL6a1Vg4n94LjkWYlcLIj9Axj9UCRurgPVwNpA0=,iv:iKZzHTD00h9/vwkewo14Ox+9EMuo5GawemRVjn1gLuM=,tag:ikLoAEbMDNlRZ3PGke2OZQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTldDcUk1dGVRMzNmZUhw
bzFRYUdNM3ZQanFIbkpyc2lqeTlLNFJEVzNrCjlnK2pRSnVmUU5WeGo1VW5kVjZp
b1hTZFB3eVZPL2xpU0F0MlBlTVNVTE0KLS0tIGU2YlRhMG9QRi9uYkVCOFlGTVhK
US82UEZXeUZxT2Fub3dRenNSTGVDdnMKJlKpdZdKGGKHcvczYNnzSz6T79mlT67I
QxNZvBQI+rZ6bNxDu4LqbtwCqRVu1uJLdedGY1VPF3ZIwfuzewyVDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dnpwfwh0h95r63e5qfjc2gvffw2tr2tx4new7sq2h3qs90kx9fmq322mx4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc1E4VFJWUTl0Nkhjc1VL
amRLN3pLcVUvc1diWmhHTVdTYjd5SmxYS2hBCkpQSXFnQlVqcndtejNoL2xQQlRh
cG1uNlQxSUpJc0tRZHZFOVhibnFZOUUKLS0tIE84UGtkdldzM2oyTmF0Y0xPckpZ
aHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae
XeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-04T19:13:40Z"
mac: ENC[AES256_GCM,data:wTYrJHhjfYxeMEg64bgCI+sn4paLZ5de6eZ2md5VIv/nQkS8U8IznAq22rLp+X9WW5G1tbHlqte/7YCSFzeDOUG6/V7FBWht9QSbFnyBR3bTw5Bp98b0mTdvTWXTXSS7PNgzMhCiHyTVo1jcR+G3rfu4055PJe4wsbzk8nmNiLU=,iv:mgtXxoJT0pnC1f6bsovU1arPIl6jvqEyRS6OHT5ELQo=,tag:1FwWG4UO/KW2mcH3zBFJ9g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

3
users/seb/@cirrus/default.nix Normal file
View file

@ -0,0 +1,3 @@
_: {
imports = [ ../user.nix ];
}