From 73ae83a9b7ebc0ffb2ad87c9164092d9d4c459cf Mon Sep 17 00:00:00 2001
From: RGBCube <git@rgbcu.be>
Date: Sat, 11 May 2024 16:27:45 +0300
Subject: [PATCH] Initial tard host config

---
 .gitignore                   |  2 ++
 hosts/tard/default.nix       | 50 ++++++++++++++++++++++++++++++++++++
 hosts/tard/id.age            | 19 ++++++++++++++
 hosts/tard/password.tail.age | 15 +++++++++++
 keys.nix                     |  1 +
 modules/ssh/default.nix      |  9 ++++---
 secrets.nix                  |  4 +++
 7 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 hosts/tard/default.nix
 create mode 100644 hosts/tard/id.age
 create mode 100644 hosts/tard/password.tail.age

diff --git a/.gitignore b/.gitignore
index 1bfd5d6..7cc4da0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,8 @@
 
 !hosts/enka/
 
+!hosts/tard/
+
 !modules/
 !modules/hyprland/
 !modules/nushell/
diff --git a/hosts/tard/default.nix b/hosts/tard/default.nix
new file mode 100644
index 0000000..86693cf
--- /dev/null
+++ b/hosts/tard/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, keys, ... }: with lib; merge
+
+(systemConfiguration {
+  system.stateVersion  = "23.11";
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  secrets.id.file            = ./id.age;
+  secrets.tailPassword.file  = ./password.tail.age;
+
+  users.users = {
+    root.hashedPasswordFile = config.secrets.tailPassword.path;
+
+    tail = sudoUser {
+      description                 = "Tail";
+      openssh.authorizedKeys.keys = [ keys.enka ];
+      hashedPasswordFile          = config.secrets.tailPassword.path;
+    };
+  };
+
+  services.openssh.hostKeys = [{
+    type = "ed25519";
+    path = config.secrets.id.path;
+  }];
+
+  networking = {
+    ipv4 = "";
+    ipv6 = "";
+
+    domain = "rgbcu.be";
+
+    defaultGateway  = "";
+    defaultGateway6 = "";
+
+    interfaces.XXX = {
+      ipv4.addresses = [{
+        address      = config.networking.ipv4;
+        prefixLength = 25;
+      }];
+
+      ipv6.addresses = [{
+        address      = config.networking.ipv6;
+        prefixLength = 64;
+      }];
+    };
+  };
+})
+
+(homeConfiguration {
+  home.stateVersion = "23.11";
+})
diff --git a/hosts/tard/id.age b/hosts/tard/id.age
new file mode 100644
index 0000000..30f47dc
--- /dev/null
+++ b/hosts/tard/id.age
@@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 V6IHIQ 91DIbwI9swXgY2lHL3mWfc8gsImBcKjO0Xzd/zXRzyc
+0cOnu+aAh2sC1v0O2yhQ2YE6HUrJdQ96E6JKiipt9qM
+-> ssh-rsa jPaU3Q
+VWFFOze3RTBoIKWvozOzzXLPhj0LMAp12nTHzP0QznZC+Iu9+RBdUjzaeZ03AVci
+6dvpZHDxCFe+U+jfS7X+3Cl4XSQaepboxFcLwxoL3w/1liJVrMb3BlWfpDxdMuId
+DwSZVkLdOLQs3/6na64Hy1o8PSfmJ7Q8hJMLoqNN6eOxqy/EZIaVWncOUHnT5C5g
+cJDo++uiHIIdkTD46oWvuN5qjpzze/Avvlck8JpsZlXu45IjrRFMdhL01mGy7oU6
+4ODsP2XhIDXlSbJCp5F9FciYMjJYCZDFQ4kGuau8/vItI00llABeijsPm6FaKEe7
+fCdo2DTdO7RypXuDn/ALNMv4EejxQ+TdpvKs25Ko7dz2i78K/YOLICskU27tHqa0
+MantsYS6XN4bCSCygKxTrgVNBtVu8GYfMziZRI6HBQ8vSGINPt2K1vvF+YnIDTKn
+5gD6SYCoqKtZJRkzSTXLm0Q1YhnhAPwNze/X+RGSaCpCPVbhOqLIy0X5/6tuacK3
+
+--- 8WAvkROEgqHn6kw2L0WbiVUNKh16tLZVpfKdkYXTrpE
+1åÂËkz“=Û‹põ<L‰ŸÜ`AÒñX¤\ÛkÍØ,ýª˜Ýpöc)×ƒœã“›#xžÕî“À‘÷ÁC±Ÿ³k¾BV…È¾SÊ{W™ý†^oöÿ¡
+™áW1ÐŸn† s¯þÐ…8±Éy#[”“õú9
+ý L–jñ§ÍÇíÆQý0h`ufÍ´ðE¼ï…O®ÌR8{X-
+ÌKDŸNÔJ™¼\£ÄZôvwÄÃÜsâÕ=ÌŠSŠø	6~,ðÄ‹r•àYqéÙ.fµúk§„Dcð³ÄdšKdy'??þl÷bê-¼ÛFøÝ+ë±g¨éË¨ë?‹žT)ªKåHã‹-8`Dë…	Ù§mÆŠLi5ù6²aU@Ø^ò4¸—:y0ºqÑ^P’‚›/ÞYe% )õøæŸÈQ=©V²åh¢“õìÇp¬3Ì±¾ò14•½Þè7ûÇÕtÙ
+¾.1ùýÃ/´zž³ÇD1«*”úRà¤_6sD®7Uˆƒ°1vÂbÉ …%°…L½<LÁ\›l"¢”hEÔ.¾b
\ No newline at end of file
diff --git a/hosts/tard/password.tail.age b/hosts/tard/password.tail.age
new file mode 100644
index 0000000..81e50db
--- /dev/null
+++ b/hosts/tard/password.tail.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 V6IHIQ WPoRXyEXeNNfsjWnf1P0GdxY0tI2e7CXb5jX7CFJ6R0
+SFoPv2ciqczQ9nObpNprFhHZbatDUKaReSZYxtFhvH8
+-> ssh-rsa jPaU3Q
+BW2Be8ENiHyaTuf0jf6wvzutP61E2ksk2vcDXIf05Rim4POZ9EgF2ZU5y1tnuCgN
+JpziWT6qzSmuiBMq9NWoj19fC+1/t9j8ocamcjY7EDhHpO4HDUwFfMAGTMVyjtFb
+AnRg5UIoAT654jmikM7vOtF+aX7K+HXiawuCbnVl0gB8HUNuX8y9PSdBH0AMboiR
+qNJT3RmaVw8L/Nm2mdbHDiZELVQeJNIoTs5RNAXUHZbnVUpGM/WgRG7hCBmpmQT7
+mL6HLD/717YMdbXxgl2j+ytdUeuVgc3btKbSkUt6RqnoMG1bXK4V5JM8Yx+1iv/U
+gZO0SV5J2javlYzVrJmb2J6l+3mcAxOW8UjA47vilQK3guY1UM4oYjk3ZkykznTm
+67yC5Zzlj7Smrn5GZ+G+F1hLVUTpUi0Hdw20O739HOkwK+82PGjquN3UZ4Grzg01
+BgfPxyXNxbUUz1N6D3OpZUdgfdIby04lpPVsYPg5cQmqE+BFhz4D8Od7T5sNBYep
+
+--- Wd38yO4ui/BAnqkQKdmW+/vCrxNfrm9JiGHj7L3aZM4
+NÕ¶¸‚¨†]º8EÐÏ‘œÈ,‡AOUÿùNOßZãD½[è×n­•Ç›/}k³­®“¯».Ô5ÐŠ]>‡ýÍ|Kg-ÓY§ðt‰ŠùÁïcŒ±\søéÃ†nûØ7DöGPï
\ No newline at end of file
diff --git a/keys.nix b/keys.nix
index 44ac65b..322d9d4 100644
--- a/keys.nix
+++ b/keys.nix
@@ -2,4 +2,5 @@
   cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
   disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
   enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= said@enka";
+  tard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzvLg5IvqGzqdiNUOsRLPdYC56wXXSYNo9QNlXwaCKw tail@tard";
 }
diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix
index 16a909d..00e5f09 100644
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -40,10 +40,11 @@
         port     = 2222;
       };
 
-      tailtard = {
-        hostname = "164.92.186.28";
-        user     = "root";
-      };
+      # tard = {
+      #   hostname = self.tard.networking.ipv4;
+      #   user     = "tail";
+      #   port     = 2222;
+      # };
 
       robotic = {
         hostname = "86.105.252.189";
diff --git a/secrets.nix b/secrets.nix
index 47791aa..c0a35b8 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -31,6 +31,10 @@ in with keys; {
   "hosts/enka/password.orhan.age".publicKeys = [ enka ];
   "hosts/enka/password.said.age".publicKeys  = [ enka ];
 
+  ### tard
+  "hosts/tard/id.age".publicKeys            = [ tard enka ];
+  "hosts/tard/password.tail.age".publicKeys = [ tard enka ];
+
   ### shared
   "modules/ssh/config.age".publicKeys  = all;
 }