diff --git a/.gitignore b/.gitignore index 02cb7e8..3a29795 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,8 @@ !hosts/enka/ +!hosts/nine/ + !hosts/tard/ !modules/ diff --git a/hosts/cube/hardware.nix b/hosts/cube/hardware.nix index fd148e6..7ad1651 100644 --- a/hosts/cube/hardware.nix +++ b/hosts/cube/hardware.nix @@ -1,9 +1,7 @@ { lib, modulesPath, ... }: with lib; systemConfiguration { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub = enabled { device = "/dev/vda"; diff --git a/hosts/nine/default.nix b/hosts/nine/default.nix new file mode 100644 index 0000000..c330da1 --- /dev/null +++ b/hosts/nine/default.nix @@ -0,0 +1,50 @@ +{ config, lib, keys, ... }: with lib; merge + +(systemConfiguration { + system.stateVersion = "23.11"; + nixpkgs.hostPlatform = "aarch64-linux"; + + secrets.id.file = ./id.age; + secrets.sevenPassword.file = ./password.seven.age; + + users.users = { + root.hashedPasswordFile = config.secrets.sevenPassword.path; + + seven = sudoUser { + description = "Hungry Seven"; + openssh.authorizedKeys.keys = [ keys.enka ]; + hashedPasswordFile = config.secrets.sevenPassword.path; + }; + }; + + services.openssh.hostKeys = [{ + type = "ed25519"; + path = config.secrets.id.path; + }]; + + networking = { + ipv4 = "152.53.2.105"; + ipv6 = "2a0a:4cc0::12d9"; + + domain = "rgbcu.be"; + + defaultGateway = "152.53.0.1"; + defaultGateway6 = "fe80::1"; + + interfaces.enp4s0 = { + ipv4.addresses = [{ + address = config.networking.ipv4; + prefixLength = 22; + }]; + + ipv6.addresses = [{ + address = config.networking.ipv6; + prefixLength = 64; + }]; + }; + }; +}) + +(homeConfiguration { + home.stateVersion = "23.11"; +}) diff --git a/hosts/nine/hardware.nix b/hosts/nine/hardware.nix new file mode 100644 index 0000000..fb51388 --- /dev/null +++ b/hosts/nine/hardware.nix 
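Review bot: In `hosts/nine/default.nix`, `root.hashedPasswordFile` and `seven`'s `hashedPasswordFile` both point at `config.secrets.sevenPassword.path`, so root accepts the same password as an account that is already a `sudoUser`. Anyone who learns that one password gets a second, direct path to root (`su`, console, and SSH if root password login is permitted elsewhere, which this hunk does not show). If sudo from `seven` is the intended way to reach root, locking the account with `root.hashedPassword = "!";` removes that path; otherwise give root its own age secret. Separately, `defaultGateway6 = "fe80::1";` is a link-local address with no interface. Unless a shared module supplies one, NixOS scripted networking usually needs `defaultGateway6 = { address = "fe80::1"; interface = "enp4s0"; };`.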
@@ -0,0 +1,31 @@ +{ config, lib, modulesPath, ... }: with lib; + +systemConfiguration { + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.loader.grub = enabled { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; + + boot.initrd.kernelModules = [ "nvme" ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/root"; + fsType = "ext4"; + }; + + fileSystems.${config.boot.loader.efi.efiSysMountPoint} = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + zramSwap = enabled; +} diff --git a/hosts/nine/id.age b/hosts/nine/id.age new file mode 100644 index 0000000..c2f6a21 Binary files /dev/null and b/hosts/nine/id.age differ diff --git a/hosts/nine/password.seven.age b/hosts/nine/password.seven.age new file mode 100644 index 0000000..6995675 --- /dev/null +++ b/hosts/nine/password.seven.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 dASlBQ M9+Is0jGluDON67PhskJmo2l/3u3AviUOGCk3oex+SU +f/F0RyEX//9KSZ5ot0hV+ecfP6QJ6LeKHyzMEsytsTY +-> ssh-rsa jPaU3Q +ZVw8eLq8ilKf3TFhBT4SU2ps6jtfJkq4Z61BtWxMQ52/+tdtRZV1c58L3FfiE8Ot +bP4wNUC0Q/b/PZpvkPe2ABBr7ycDg+3VVl9gbKBKgk/6QCeSE5OubRUh1FZHZw1/ +nTo2YfBW2J5ktW24lM3taKnxVZivokb4yl/lb+qVnn4GW6AjNq1Xo3iRm4UJI1/Y +mlE2FXI1i7J6shakaJwJs1t5QHcswIdgVBtqQQBQMFeJc9yzlmInc2vDIeylgMKT +Sf82eNrTeBY4J4xAkPPJCSi7YKbm+BmKmPURthU+J3LuBhHZA/DxSfQKhTrjOjXx +dvV7/Ovs9lBwy+9mco/5U1+Xtnt/bLeTwpgZZclSzmzQncpwzh/s7fR6mhYzKWln +G9x5M/v0u8ipn7i2dzXVB8jd3hzDmuTGW7IQTKt/u8IJGJAhQ/8+dM6veiYQH1ue +rpo5TxMiw2P1pc3N5TiRJdRG9SOuxLjp9UbQ7l4iO5TLs6cV0I6sCSdW16Ks5C8i + +-> ssh-ed25519 f5VzMA /O0Y+7w6jbcaKNtzmgnvzV/VcDTZ8+iHTnw18oz2930 +d9LNhqAmMBy+ZVlVqbbAXv7gT82UVAFqT++N/XCa0Lo +--- HBJFGhhCaWq9ORHONafUcW9CCAsTJ7n1TQoE76zUJ+8 +Šö‘Í”EJW–Ûnz >0hkSCëÒäé"Û¬¥Î«ã &UÛ”•ÜœˆxÏ/+·º—ÛY§Î¿§æs:çÀ¤o¹+Ih)È?A@Ò·QÙŽ­l°C}ŸýÂÅÖ!¾\ùÆÉ¾l \ No newline at end of file 
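Review bot: The `boot.initrd.availableKernelModules` list in `hosts/nine/hardware.nix` (`ata_piix`, `uhci_hcd`, `xen_blkfront`) names Intel PIIX and Xen drivers, while this host is declared `aarch64-linux` and imports the `qemu-guest.nix` profile. The list therefore looks carried over from an x86/Xen template rather than chosen for this machine. Either trim it to what the guest actually boots from, or add a comment such as `# TODO confirm these are needed on this aarch64 guest; virtio drivers come from qemu-guest.nix`. A smaller initrd module set also leaves fewer drivers loadable at early boot.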
diff --git a/hosts/tard/hardware.nix b/hosts/tard/hardware.nix index 3cf4c2b..33b1cc1 100644 --- a/hosts/tard/hardware.nix +++ b/hosts/tard/hardware.nix @@ -1,9 +1,7 @@ { lib, modulesPath, ... }: with lib; systemConfiguration { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub = enabled { device = "/dev/vda"; diff --git a/keys.nix b/keys.nix index 9a57ed3..feeb872 100644 --- a/keys.nix +++ b/keys.nix @@ -3,5 +3,6 @@ disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk"; enka = "ssh-rsa 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 said@enka"; pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXXxaxhkIMy0UyLOOnvwkNjzypS7D9kElHGKw8pZuFb said@pala"; + nine = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJDqnItmvXZMTSwzbalr+9jzS4kSJm5PWEpI8GOpebF seven@nine"; tard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzvLg5IvqGzqdiNUOsRLPdYC56wXXSYNo9QNlXwaCKw tail@tard"; } diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index 1967d20..48c3e10 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -37,6 +37,8 @@ in homeConfiguration { identityFile = "~/.ssh/id"; }; + # Maybe autogenerate these? + cube = { hostname = self.cube.networking.ipv4; user = "rgb"; @@ -49,6 +51,12 @@ in homeConfiguration { port = 2222; }; + nine = { + hostname = self.nine.networking.ipv4; + user = "seven"; + port = 2222; + }; + tard = { hostname = self.tard.networking.ipv4; user = "tail"; diff --git a/secrets.nix b/secrets.nix index e44086b..93d1be5 100644 --- a/secrets.nix +++ b/secrets.nix 
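Review bot: The new `nine` block in `modules/ssh/default.nix` sets `hostname`, `user` and `port`, but nothing pins the server's host key, so the first connection to the new machine is trust-on-first-use even though this repository manages that host key (`hosts/nine/id.age`). Since the added `# Maybe autogenerate these?` comment already points that way, the generated entries could also carry each host's public key, for example through `programs.ssh.knownHosts` on the system side or a managed `userKnownHostsFile`. With `port = 2222` the known-hosts name has to use the `[address]:2222` form. Whether `keys.nine` in `keys.nix` is that host key or a separate identity is not visible here, so a short comment in `keys.nix` saying which it is would help. The enclosing `homeConfiguration` block starts and ends outside these hunks.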
@@ -35,6 +35,10 @@ in with keys; { "hosts/enka/password.orhan.age".publicKeys = admins; "hosts/enka/password.said.age".publicKeys = admins; + # nine + "hosts/nine/id.age".publicKeys = withAdmins nine; + "hosts/nine/password.seven.age".publicKeys = withAdmins nine; + # tard "hosts/tard/id.age".publicKeys = withAdmins tard; "hosts/tard/password.tail.age".publicKeys = withAdmins tard;
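Review bot: `"hosts/nine/id.age".publicKeys = withAdmins nine;` makes the `nine` key a recipient of the host's own SSH host key, so whichever private key matches `keys.nine` can decrypt both the host identity and the password hash. The hunk does not show which key on the machine that is. A one-line comment above `# nine` stating which private key is expected to decrypt these files would make the trust relationship explicit. If `keys.nine` turns out to be the public half of `id.age` itself, the `nine` recipient on `id.age` is circular and `admins` alone would express the intent. The existing `tard` entries follow the same pattern, so any clarification applies there as well.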