Add new host "fern"

2026-01-21 19:51:34 +01:00 · 2025-03-07 13:03:29 +01:00 · 2025-03-07 13:03:29 +01:00 · 02cd2d5f03
commit 02cd2d5f03
parent c56cefd0c4
8 changed files with 177 additions and 1 deletions
--- a/hosts/fern/default.nix
+++ b/hosts/fern/default.nix
@ -0,0 +1,34 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ../common.nix
+    ./hardware.nix
+    ./disko.nix
+  ];
+
+  system.stateVersion = "24.11";
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  myConfig = {
+    boot = {
+      loader.systemd-boot.enable = true;
+      silent = true;
+    };
+
+    dm.tuigreet.enable = true;
+    de.hyprland.enable = true;
+
+    wlan.enable = true;
+    bluetooth.enable = true;
+
+    sound.enable = true;
+    virtualisation.enable = true;
+    sops.enable = true;
+    auto-gc.enable = true;
+    geoclue.enable = true;
+    tailscale = {
+      enable = true;
+      ssh.enable = true;
+    };
+  };
+}
--- a/hosts/fern/disko.nix
+++ b/hosts/fern/disko.nix
@ -0,0 +1,60 @@
+{
+  disko.devices = {
+    disk.main = {
+      type = "disk";
+      device = "/dev/nvme0n1";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            type = "EF00";
+            size = "512M";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "defaults" ];
+            };
+          };
+          luks = {
+            size = "100%";
+            content = {
+              name = "cryptroot";
+              type = "luks";
+              settings = {
+                allowDiscards = true;
+                bypassWorkqueues = true;
+              };
+              passwordFile = "/tmp/secret.key";
+              content = {
+                type = "lvm_pv";
+                vg = "pool";
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg.pool = {
+      type = "lvm_vg";
+      lvs = {
+        swap = {
+          size = "20G";
+          content = {
+            type = "swap";
+            resumeDevice = true;
+          };
+        };
+        root = {
+          size = "100%FREE";
+          content = {
+            type = "filesystem";
+            format = "ext4";
+            mountpoint = "/";
+            mountOptions = [ "defaults" ];
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/fern/hardware.nix
+++ b/hosts/fern/hardware.nix
@ -0,0 +1,31 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.disko.nixosModules.default ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  hardware = {
+    enableRedistributableFirmware = true;
+    cpu.amd.updateMicrocode = true;
+  };
+
+  boot = {
+    kernelModules = [ "kvm-amd" ];
+    initrd.availableKernelModules = [
+      "nvme"
+      "xhci_pci"
+      "thunderbolt"
+      "usb_storage"
+      "sd_mod"
+    ];
+  };
+
+  services = {
+    fwupd.enable = true;
+    logind.lidSwitch = "ignore";
+    upower = {
+      enable = true;
+      criticalPowerAction = "Hibernate";
+    };
+  };
+}
--- a/hosts/fern/secrets.yaml
+++ b/hosts/fern/secrets.yaml
@ -0,0 +1,43 @@
+seb-password: ENC[AES256_GCM,data:LlW1njlY0tVfYne/NFM2KJbAPb4eAQgy0mPMIZAIPH5mdr7cSCaPYhc+WF5ZlrlL//mh8WHhsHbEBuA6P7oabSeP6ZczCmTV6w==,iv:oWQj47oxjxR3DBHhFwUD/Emj5ziZHwcbXzD69ChRmHU=,tag:cuTloyd4HW6behF8fmWdxw==,type:str]
+tailscale-auth-key: ENC[AES256_GCM,data:srdexq7OgvIXn2NIjVIu1VMbAMNQWCH1ug+HZbnRJGmYQ1R/2gQ1vEYeEUlYsq423M1TBCO1tXxGHlTHpw==,iv:pqKyU9FessYkasFYx850iYMqzMHPWjIrDyVToNmbqV4=,tag:YAqI/dpjnPBmZXE+4hVpLw==,type:str]
+wlan:
+  WLAN-233151:
+    key: ENC[AES256_GCM,data:/DAuYEU6tUisLxz/9TkdB4Yk/vQ=,iv:Ubj28yyfOqcXQyUs9e0iPq0BscHjfB2vRQd14x8L4Cg=,tag:vf9FITNJZxEzLo5+ZInD5Q==,type:str]
+  EW90N:
+    key: ENC[AES256_GCM,data:+lJNzFrJTZUrwanr5HG9n4mt4Z4=,iv:HNE+oKLye482+/fupMZUuLIU2Ws+3hpHUITviPREiL8=,tag:ioCQASLPZ9QoDobNNAOiYQ==,type:str]
+  Fairphone4:
+    key: ENC[AES256_GCM,data:5lBk/JEcvMZj+MJ2/0PIdVbt6mZkGg==,iv:Kg82ZHGCLzPBmEt5G6SK7yzAqEDTVD8MW+OzxG03ZU8=,tag:Re2sRvRkiiqqy3ylbimdqA==,type:str]
+  DSL_EXT:
+    key: ENC[AES256_GCM,data:cyc4Dys+356io+9Oc2J4fp0sLUg=,iv:CpP2v9ZGLzVlEU0Tc1Vz0Pa33vuoORshZVKJr3uSBuQ=,tag:2qMQJa77fuy8iWNWgVsT4g==,type:str]
+  eduroam:
+    password: ENC[AES256_GCM,data:ZaU/8lBnFhYQjx4N9u+qZ41bHS0=,iv:Lk9biaZqC0trXo+RdcpMfaXwmMZH/764RWebtjjDYek=,tag:HbL+D32T9WpM+c5RlYywyA==,type:str]
+    cert: ENC[AES256_GCM,data:rHBNf2gxM7Ln/AwwEfRnkooY1u4HTEzkzz1nCRNX7mcRPP6Gg7FsARL2v9TOtGezv9dUW+yjmlGbf36FwlHTTs9J0hNQxW+o3g1m4fARbf0YXFbjb9xh0ZIpOq0eIXUwds3fBUzMmtWqnF5ElAQdc7ZkS984+uTbMliZBE98dPumgGt2Z2+eoCF6GpslwQZ2dkLrIMsJ4OFkILGn4NyaorkRfcIV8QMYjufb3sc0nMUqb1Idj/qFqVy8gbNFo1lG21WN6Xv9fYw5ic1Gyu8+YSrrk1EoIgBkxmN26U/xN6RT1Ao61mKkCuZWARDyBcMzvUGrQu/xgn3mDbn2PbuTOq4cts9dHrrlHx7rzHlwDaoctkORs8p9dM86c/+taZgLdTzFn2YpgEVBR+oTRAgnzK62ej6L+DZope9eIhjSJTmvTfZrac0Nhktm8IYX48MBXufmcqISUPo6/1gIN5vNxghzP5i6FT+yWJRZ2g+RBz2A5vLad0s2FRZsPQkAhIPuaNZR9EcnP2n/d+qrHZ9XQ8XrQvTQJAzyBUfrVtJjQZgxKiI8MNAbJBK9732rjoPBgfWio9I1Q+iNPVFoDDBcRxtf+Mp/T/fi9YkV8N75p1PiIpOgq/Uthsw4RhtcjPca6E60A8hKAbvXbYsiOwZVCUOoaZXWEW/2/no4yVHO4NE8t3PD4XAVHbsRuXW4g4dxsusApLGPwt0oEU9FUpYeDB1XCa1J0zkvqUEM+Kqu6pirYzOU8KN2nPRRt/6C3bBP5Hrk/FRg3lgGMpKhecK8YgmTZ60WZqvvAG1Iybi8ziIzrEaVZeAh+rmxIYn1PiF2+bfhh45n8v9btC5fNEgnZ7gjgpK9VFJd1JPCM0EDWs5/b5cXmkM+OAs2Gx498vW9yYBn0XTVIQOtcVfpoyekLO8hUpH2bqKd8BA4BnDiiOGTdz5Z6QemlahpehhLIUp0iRsDuvcWUn5hsu6prWL+M8mXg2MMnyfONcEfJlW0BCfsAHJ8tjmMLp1zi0MGYt0wKH756QnPBWe5WgMj4L2MDdkLlfrz+IaRK1trT4ySh9W6EDSGCdPozm6JWGWf36d5qQODL+YQAyg6uY6hSSeu79rDpznEP/c8F4q6zO7xEH6O+p2qf0T7bBI1MQwJyBPaMecrrZHQobHWaocpO99Ld1sW/TP46/4DGhu4PuNH7MBehhTnt6eqBcJHr+AxBdYvKkJz8TNR+xZ46t2YpUCr0XSLmVbx2pjpessCR5MDrIX6lb1YBjmsLlwQpVfi4QWmI4klUOKJTESq54mdSceWPlyfgisyfg+wkxrfJ/P4nbvfXCdJvngHkciam5uA7+8l1Up3Pyj46aZJKQ3SeCaqD4gCAsS13A9s6Q0rJUn4CQZO/It++K2/QDPiaJ9PPHaOTwIuBUevUvKlaSNk82I/hx6UyTQHj1aDazdefvYYtxh4b4H4vbL2K3c6v2ZRX2zA6SjD8eHwWZO94J5fSNXZD3o+euuuDfxO4fTcMxJGALaf3P3KSpVPUGMYV7WYeCgDxNSfVxMhLlBZvXQQefN5ijBs8bcwjERDsCyDU+e0K7JFaAirHixFxCDTY2z8KG+gNIlcZ8uhazaSX/Iwtqsd/i8uHTZ10Wa0wsoN5yTRWptkV8dNMHPQPi+58lj4pIlt01zPZeFUw69TrCdlcrXZZ0OQZs8/30LHjW0gLyOEKbusRabXUZUoQWMloXdakpm2jxNRjaE3mJeulKJDZNZk88ekWcWAI6L2wvfBeBaHwcIvUcn+n54CmKCgKvLVOBoJSRU+Lu/1Wg0Gol3Mc3NKz2NJg+TqHBZod3cMuwNTZ2fuTS3ytQZBXb97XOrN/gS55NNB2yjJye3hCWbSArIeHtbv0iJmBOLcMNggzNDiD1BKKcEqG/J0t5GCOD1l3vWn3r3x1ffvzPcoXN7LayGJhbBMGazpgrE4B1ox9JIVyRRCTgVRx3x5OuI+FlV4EO+QV9b/JS8SGTjckz9d1jH7WHzn0jgPcze/8m9rhsS6R8My6Vv2Yk0gJpwNNOru6h41OLM7X0yBzhWELdw/aIrq8Shqm40RE1nP7TUW8gCqu737YTp85w+xcQO0wKMQqaJfdJGC8iHp6Bhyu6DIxWGwsBDCO79J72OWOqLrZMurzqAWQf09vRneAQmI+WKHcp8jWQBdVgIHyJzguwHLZb1sJPxUYffkjzogvRiStaZE//cTio88K6jw81KoWXLI6roJg/hV5isKISRH+K1x80b8oziXJtYHEtVeCcMByxWmrcrgQn2qmWemVFNzw/F7ZUKPu3EbOQiaNAgdiYRQi2tFZJjSLVSXN0H+m2Vag8phWzS5KSfsFBXdg2cVPQpxwV0Blcw3c+9bPdkayMc3B7xev/89mfDmX8c+CMLrjk9i3de2UGdsb/CXoNzG2g2/RC5OUcdnBdPvgswNOpkSjSiGXDkcEH3jSs7GaTwY29M8P0BxB74v2FXP6Q1IklnXoeIpGNSfk489ASiJVBPwAQuIuVgNmXxOsZkhT1d/9vepusleeyBNmlg/oJQoKIIeQluIDe+9BqE/9udIW+XASbqjfSU6TKQEkEX4BIoLITy/l1vnC1qKlV/4Ms0CawdTB/e/YmqRBDYZdaExA6t9hgUBUWzJWoLU0cVpoxq6DervMWKD/nXX0h3JCaZc7rI561eUV8zCjyHvxVFf1+GFxPRUvgpUSYcg7w3Xo5xTTSGkeEqnOzq6ha9YfavGVti969elOZh9274=,iv:gJctzc0Yp69mZ+dP+97Zs6WYzkZsIg+ATX73GnHkIkY=,tag:Yhkzq4qVPD0RqED8q+rpJw==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eHZacFd0T0VydGw5ZE1Y
+        ZVhZNTlOSm1aVHJXQ1NBeXN3eVp1ZlNUZ1U0CjRtek5qclpCbVB2Y1luNlBOelFh
+        bGwrRjNQdDY5ZnpXTERUMUhkUEpnRE0KLS0tIFM3YlVZaG9LSEU2M2NyNXRMRFNH
+        OUJMRXgySjNZY25qcmZjbThncWFuUUEKPa3qgJeDoiCpnt4auvh/dTfI3Qb/vS/D
+        /9T4me16sr2R/IVPmAkorL2q58Jooa2fvE41nOcxbtWIZphDz3cS4g==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRGVaSEozZUtacFpkSG5R
+        eG1WRUx0N3RnUGZXZEg3WEZ6N0dHV3RaZVFzCmVuaHBPQ1FiNDlBVmhRaUdwbVBC
+        MFcrbHF1OEd4QlcrMUt1NnB1aUlCZkEKLS0tIDlFdy9UZlpZWlFiNkNHaUpZdW12
+        V1E4bnVHZGg0bFdPNldoTDZnaDlNQk0KU9AJzhzgbg4/x4l7v9QY3HjZ7iE6K/2X
+        CWZ9kbg7KsR0mYP6H/VBvJp5prF5x7DRPU+KtZsjDLcm4KmHAmPXZQ==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2025-03-07T11:53:24Z"
+  mac: ENC[AES256_GCM,data:MtCQ6H/GJZnCf75E2bXj+13mFZbS8R6QHC77mF9+YMZ5gjfFXikqiyGPAL75k08GzUAaf+FfXIE63if0YsQe5W6F/k+/daXvFFMPTSrfCWE+n08gF+1k4gXqVLpZGEjVmRJ58onsivQu6ezV7fO3nKv9PVvE9k6YdQuyVPpiULo=,iv:jBJKRFKG9xesLzpkglhkgn1tjhzUxUpw6p4ZyDvT9Ag=,tag:6AXIxDzZurnNeEaOyKmc+g==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.4