Add nine

.gitignore

@@ -17,6 +17,8 @@
 
 !hosts/enka/
 
+!hosts/nine/
+
 !hosts/tard/
 
 !modules/

hosts/cube/hardware.nix

@@ -1,9 +1,7 @@
 { lib, modulesPath, ... }: with lib;
 
 systemConfiguration {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   boot.loader.grub = enabled {
     device = "/dev/vda";

hosts/nine/default.nix

@@ -0,0 +1,50 @@
+{ config, lib, keys, ... }: with lib; merge
+
+(systemConfiguration {
+  system.stateVersion  = "23.11";
+  nixpkgs.hostPlatform = "aarch64-linux";
+
+  secrets.id.file             = ./id.age;
+  secrets.sevenPassword.file  = ./password.seven.age;
+
+  users.users = {
+    root.hashedPasswordFile = config.secrets.sevenPassword.path;
+
+    seven = sudoUser {
+      description                 = "Hungry Seven";
+      openssh.authorizedKeys.keys = [ keys.enka ];
+      hashedPasswordFile          = config.secrets.sevenPassword.path;
+    };
+  };
+
+  services.openssh.hostKeys = [{
+    type = "ed25519";
+    path = config.secrets.id.path;
+  }];
+
+  networking = {
+    ipv4 = "152.53.2.105";
+    ipv6 = "2a0a:4cc0::12d9";
+
+    domain = "rgbcu.be";
+
+    defaultGateway  = "152.53.0.1";
+    defaultGateway6 = "fe80::1";
+
+    interfaces.enp4s0 = {
+      ipv4.addresses = [{
+        address      = config.networking.ipv4;
+        prefixLength = 22;
+      }];
+
+      ipv6.addresses = [{
+        address      = config.networking.ipv6;
+        prefixLength = 64;
+      }];
+    };
+  };
+})
+
+(homeConfiguration {
+  home.stateVersion = "23.11";
+})

hosts/nine/hardware.nix

@@ -0,0 +1,31 @@
+{ config, lib, modulesPath, ... }: with lib;
+
+systemConfiguration {
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.loader.grub = enabled {
+    efiSupport            = true;
+    efiInstallAsRemovable = true;
+    device                = "nodev";
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "xen_blkfront"
+  ];
+
+  boot.initrd.kernelModules = [ "nvme" ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/root";
+    fsType = "ext4";
+  };
+
+  fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  zramSwap = enabled;
+}

hosts/nine/password.seven.age

@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 dASlBQ M9+Is0jGluDON67PhskJmo2l/3u3AviUOGCk3oex+SU
+f/F0RyEX//9KSZ5ot0hV+ecfP6QJ6LeKHyzMEsytsTY
+-> ssh-rsa jPaU3Q
+ZVw8eLq8ilKf3TFhBT4SU2ps6jtfJkq4Z61BtWxMQ52/+tdtRZV1c58L3FfiE8Ot
+bP4wNUC0Q/b/PZpvkPe2ABBr7ycDg+3VVl9gbKBKgk/6QCeSE5OubRUh1FZHZw1/
+nTo2YfBW2J5ktW24lM3taKnxVZivokb4yl/lb+qVnn4GW6AjNq1Xo3iRm4UJI1/Y
+mlE2FXI1i7J6shakaJwJs1t5QHcswIdgVBtqQQBQMFeJc9yzlmInc2vDIeylgMKT
+Sf82eNrTeBY4J4xAkPPJCSi7YKbm+BmKmPURthU+J3LuBhHZA/DxSfQKhTrjOjXx
+dvV7/Ovs9lBwy+9mco/5U1+Xtnt/bLeTwpgZZclSzmzQncpwzh/s7fR6mhYzKWln
+G9x5M/v0u8ipn7i2dzXVB8jd3hzDmuTGW7IQTKt/u8IJGJAhQ/8+dM6veiYQH1ue
+rpo5TxMiw2P1pc3N5TiRJdRG9SOuxLjp9UbQ7l4iO5TLs6cV0I6sCSdW16Ks5C8i
+
+-> ssh-ed25519 f5VzMA /O0Y+7w6jbcaKNtzmgnvzV/VcDTZ8+iHTnw18oz2930
+d9LNhqAmMBy+ZVlVqbbAXv7gT82UVAFqT++N/XCa0Lo
+--- HBJFGhhCaWq9ORHONafUcW9CCAsTJ7n1TQoE76zUJ+8
+揮堆忍JW杢nz	>0hkSC<53>蓚"ﾛｬ･ﾎｫ罌&Uﾛ舶ﾜ怦xﾏ/+ｷｺ塁Yｧﾎｿｧ誑:鄲､oｹ+Ih)ﾈ?A@ﾒｷQﾙ鹿lｰC}<19>ﾂﾅﾖ!ｾ\<19>ﾉｾl

hosts/tard/hardware.nix

@@ -1,9 +1,7 @@
 { lib, modulesPath, ... }: with lib;
 
 systemConfiguration {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   boot.loader.grub = enabled {
     device = "/dev/vda";

keys.nix

@@ -3,5 +3,6 @@
   disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
   enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= said@enka";
   pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXXxaxhkIMy0UyLOOnvwkNjzypS7D9kElHGKw8pZuFb said@pala";
+  nine = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJDqnItmvXZMTSwzbalr+9jzS4kSJm5PWEpI8GOpebF seven@nine";
   tard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzvLg5IvqGzqdiNUOsRLPdYC56wXXSYNo9QNlXwaCKw tail@tard";
 }

modules/ssh/default.nix

@@ -37,6 +37,8 @@ in homeConfiguration {
         identityFile = "~/.ssh/id";
       };
 
+      # Maybe autogenerate these?
+
       cube = {
         hostname = self.cube.networking.ipv4;
         user     = "rgb";
@@ -49,6 +51,12 @@ in homeConfiguration {
         port     = 2222;
       };
 
+      nine = {
+        hostname = self.nine.networking.ipv4;
+        user     = "seven";
+        port     = 2222;
+      };
+
       tard = {
         hostname = self.tard.networking.ipv4;
         user     = "tail";

secrets.nix

@@ -35,6 +35,10 @@ in with keys; {
   "hosts/enka/password.orhan.age".publicKeys = admins;
   "hosts/enka/password.said.age".publicKeys  = admins;
 
+  # nine
+  "hosts/nine/id.age".publicKeys             = withAdmins nine;
+  "hosts/nine/password.seven.age".publicKeys = withAdmins nine;
+
   # tard
   "hosts/tard/id.age".publicKeys            = withAdmins tard;
   "hosts/tard/password.tail.age".publicKeys = withAdmins tard;