SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 18:41:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add barebone server "alto"

Browse source
This commit is contained in:
SebastianStork 2025-03-27 23:43:54 +01:00
parent 1addecdfb2
commit 7aed295543
7 changed files with 155 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -1,5 +1,6 @@
keys: keys:
# Hosts # Hosts
- &alto age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t
- &fern age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e - &fern age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e
- &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc - &north age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc
- &stratus age1pryafed9elaea6zk5gnf6drjt4nznc02385y973lwt9t2s7j7vmsfnggkp - &stratus age1pryafed9elaea6zk5gnf6drjt4nznc02385y973lwt9t2s7j7vmsfnggkp
@ -11,6 +12,11 @@ keys:
creation_rules: creation_rules:
# Hosts # Hosts
- path_regex: hosts/alto/secrets.yaml$
key_groups:
- age:
- *seb-admin
- *alto
- path_regex: hosts/fern/secrets.yaml$ - path_regex: hosts/fern/secrets.yaml$
key_groups: key_groups:
- age: - age:

11
flake/hosts.nix
View file

@ -24,16 +24,25 @@ in
{ {
flake = { flake = {
nixosConfigurations = lib.mkMerge [ nixosConfigurations = lib.mkMerge [
(mkHost "alto")
(mkHost "fern") (mkHost "fern")
(mkHost "north") (mkHost "north")
(mkHost "stratus") (mkHost "stratus")
]; ];
deploy.nodes.stratus = { deploy.nodes = {
stratus = {
hostname = "stratus"; hostname = "stratus";
sshUser = "root"; sshUser = "root";
remoteBuild = true; remoteBuild = true;
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.stratus; profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.stratus;
}; };
alto = {
hostname = "alto";
sshUser = "root";
remoteBuild = true;
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alto;
};
};
}; };
} }

19
hosts/alto/default.nix Normal file
View file

@ -0,0 +1,19 @@
{
imports = [
../shared.nix
./hardware.nix
./disko.nix
];
system.stateVersion = "24.11";
myConfig = {
boot.loader.systemdBoot.enable = true;
sops.enable = true;
tailscale = {
enable = true;
ssh.enable = true;
exitNode.enable = true;
};
};
}

41
hosts/alto/disko.nix Normal file
View file

@ -0,0 +1,41 @@
{
disko.devices = {
disk.disk1 = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg.pool = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
}

43
hosts/alto/hardware.nix Normal file
View file

@ -0,0 +1,43 @@
{ modulesPath, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.default
"${modulesPath}/profiles/qemu-guest.nix"
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
zramSwap.enable = true;
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-ens3" = {
matchConfig.Name = "ens3";
address = [
"152.53.85.193/22"
"2a0a:4cc0:c0:23bd::/64"
];
routes = [
{ Gateway = "152.53.84.1"; }
{ Gateway = "fe80::1"; }
];
dns = [
"46.38.225.230"
"46.38.252.230"
"2a03:4000:0:1::e1e6"
"2a03:4000:8000::fce6"
];
linkConfig.RequiredForOnline = "routable";
};
};
services.resolved.enable = true;
}

31
hosts/alto/secrets.yaml Normal file
View file

@ -0,0 +1,31 @@
seb-password: ENC[AES256_GCM,data:oGrXukkbK9qYYo0ci+F4RwiwlRyme/+ypJozgiqH2DFd33SyjYnzX6u2f6a0+rIfwxO45dUrXCJyidWE2Fw26xE/uH9nPmDzuw==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag://NpB2SnxWlJPHNp92hdVA==,type:str]
tailscale-auth-key: ENC[AES256_GCM,data:lGXbnNHnlKSv2Po4J7yTVOdCxwgxENBglp/MLZnIpdqVxEkO3D2Risi4iPkVPnPyKBuI4hog4xtGyiUH5L4=,iv:Cvc8+VPRpPrNYTcWjBYBPzYAwy80hJv1VCR8hrMh4AM=,tag:+qt5Caaxfig6TqoJm/uCwg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cVR4NThpT1FmWWR0NVl5
djFPYWM1MTFtNTc0R05vRzdHYURYcnc3V2lFCmg1MDNDaWJNNmdXb3FxVmV4UHkr
MnB4U09PMDVadHFZQ0VwQjFsL3hVQmcKLS0tIG9pemROZFhweiticzExdUVyK3NG
SDR6cXhBTmNTa1BTeEhlSXRwSmVEOWcKcL/594j/dbbUJTeE4REtMRbNZwIElYEq
vmkKTEvvqyWWeOhu6e2zN2OSY7FJIstirbzU0S7MSJhUOe4LwvXOOg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBac0VBTXZVdmpjc29oMkJT
VXhoZnJaWkFjVEVtelphMzlBM1BaNjM3VjBNCjV3U2JwUnRjeEhWWVlMbmZHcjJP
T1VNUDlNUTM1UjlVdkNGN1BrWHNpVTQKLS0tIDkyWGZVTWFIQzJrVDQ2U0ErQXRm
dEhnSkQ5SDlnbmhGSVdYaDNuc3ZkM00K7WPEZRYWAd7uGY0IcDwGgQVPrpkF/tnz
ncj03JXM4BXwvEQOmD/i6wS4U4WCwkh9EauGJljVFTeu6TciomDULQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:51:15Z"
mac: ENC[AES256_GCM,data:e0DDr/JHEdceS1ZZBRwdiG783MN5UulCz5GIEhvy3psqMirVBSsnXYGavEwg6E550Dby6wGdaqpFPjorBhj2Qb441gFf6IVGDPGSQg1JVzKpkMVhYBiW9vlshG2dSONcKe2J92O0uIA05Cp7uiv48bUBj13MovvCqvS0O17QCns=,iv:tNC4gk4ardfK01t/LKY73Uzdvn/R5BPdtIaPXR6g1x4=,tag:vygO6ZeQiIySEXREYPprbw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

1
users/seb/@alto/default.nix Normal file
View file

@ -0,0 +1 @@
{ imports = [ ../user.nix ]; }