From d17e5524004e8103e012abfc099749bf59e8d06c Mon Sep 17 00:00:00 2001 From: RGBCube Date: Fri, 24 May 2024 17:00:29 +0300 Subject: [PATCH] Add nine --- .gitignore | 2 ++ hosts/cube/hardware.nix | 4 +-- hosts/nine/default.nix | 50 ++++++++++++++++++++++++++++++++++ hosts/nine/hardware.nix | 31 +++++++++++++++++++++ hosts/nine/id.age | Bin 0 -> 1260 bytes hosts/nine/password.seven.age | 17 ++++++++++++ hosts/tard/hardware.nix | 4 +-- keys.nix | 1 + modules/ssh/default.nix | 8 ++++++ secrets.nix | 4 +++ 10 files changed, 115 insertions(+), 6 deletions(-) create mode 100644 hosts/nine/default.nix create mode 100644 hosts/nine/hardware.nix create mode 100644 hosts/nine/id.age create mode 100644 hosts/nine/password.seven.age diff --git a/.gitignore b/.gitignore index 02cb7e8..3a29795 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,8 @@ !hosts/enka/ +!hosts/nine/ + !hosts/tard/ !modules/ diff --git a/hosts/cube/hardware.nix b/hosts/cube/hardware.nix index fd148e6..7ad1651 100644 --- a/hosts/cube/hardware.nix +++ b/hosts/cube/hardware.nix @@ -1,9 +1,7 @@ { lib, modulesPath, ... }: with lib; systemConfiguration { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub = enabled { device = "/dev/vda"; diff --git a/hosts/nine/default.nix b/hosts/nine/default.nix new file mode 100644 index 0000000..c330da1 --- /dev/null +++ b/hosts/nine/default.nix @@ -0,0 +1,50 @@ +{ config, lib, keys, ... }: with lib; merge + +(systemConfiguration { + system.stateVersion = "23.11"; + nixpkgs.hostPlatform = "aarch64-linux"; + + secrets.id.file = ./id.age; + secrets.sevenPassword.file = ./password.seven.age; + + users.users = { + root.hashedPasswordFile = config.secrets.sevenPassword.path; + + seven = sudoUser { + description = "Hungry Seven"; + openssh.authorizedKeys.keys = [ keys.enka ]; + hashedPasswordFile = config.secrets.sevenPassword.path; + }; + }; + + services.openssh.hostKeys = [{ + type = "ed25519"; + path = config.secrets.id.path; + }]; + + networking = { + ipv4 = "152.53.2.105"; + ipv6 = "2a0a:4cc0::12d9"; + + domain = "rgbcu.be"; + + defaultGateway = "152.53.0.1"; + defaultGateway6 = "fe80::1"; + + interfaces.enp4s0 = { + ipv4.addresses = [{ + address = config.networking.ipv4; + prefixLength = 22; + }]; + + ipv6.addresses = [{ + address = config.networking.ipv6; + prefixLength = 64; + }]; + }; + }; +}) + +(homeConfiguration { + home.stateVersion = "23.11"; +}) diff --git a/hosts/nine/hardware.nix b/hosts/nine/hardware.nix new file mode 100644 index 0000000..fb51388 --- /dev/null +++ b/hosts/nine/hardware.nix @@ -0,0 +1,31 @@ +{ config, lib, modulesPath, ... }: with lib; + +systemConfiguration { + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.loader.grub = enabled { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; + + boot.initrd.kernelModules = [ "nvme" ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/root"; + fsType = "ext4"; + }; + + fileSystems.${config.boot.loader.efi.efiSysMountPoint} = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + zramSwap = enabled; +} diff --git a/hosts/nine/id.age b/hosts/nine/id.age new file mode 100644 index 0000000000000000000000000000000000000000..c2f6a215810ff304c4e9d1fcc2b73cf48ce3aa96 GIT binary patch literal 1260 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnaSYCJ3REyk4aqPK zb=UU^taOYD@=Hpu$_dLTEH|#uH!X2VE2+qJE;cZ&GOzG=Eax&x$@MLEE3Zs6_cC`Y z2=+|3NH;ArObhV!3Qo(aFf;ed3eU-MOo=Ek_J!G2RGg@g6_6Ne9LSYyR_>SKWm#sP z7LsDn~pO;Z&=H?TT;#1(_Zd6iQ zROW3_WRYr`lab|;?CYJ%rEM8xn&;)0V&vi!?Ccfg>J#8!p5kbhV_8@fQD9K%8R%nN z9^zu|W*qF3SZNv=lExD{ z<8Q{5>*x|*SXPnd>KtVlR_5fW9d1%)803*vnj4T8k!4_PTvcvp>SLhqSYe#&Y*6f) z5ti)}oDx>x9OYw>>t~U{6=GEC=#p6O?&}j?;N|U8S`q0|k{c8nl3e6l5}FYhY3kyX z9USOwn4g$rl4oIV9-3R0RT7oz7ggzz>zWr>z~xvO>0x1Jk!hN4S)3PM>0F#;P*Lt( zP?nu#k>u}WQD_pBp5m1k7?NG#6qO&56z&^Xl2{Pw5)zagVI1xkV9o_g8nA?zW*S!I z>!{#cQCb}69Au&I;ivEFmz?b3qV1BHk!0YPZtRs^nrQB4?2#4VnUWV-<;rCd6`1H2 z>8YPt;!~YZ)xUKkmGG$V40EaQ|#lK9>}GutE=D~>>J{pSXCHV zoRlBwm2RBs>=oo4>|&9VTw+#S;9`eTDhIbH6Q1pG{vAu{Z7M z$JG}%|1vO;uh@2e^OZwaa(D0C>g5<8^w{rolw8By!%xnv-MpAtt#z^0#jgpwx2;Ta zQ90c9o?Tsy~$6el97tN1ImYo|id^Y%Rn z>r(aY=M;H|eyUJ$X;tvB*pRd-@9c}Cp}mUdl{AiS>p5NHn$P$-;7GrezKeJ3iPGh< zJHqzIeRe;t)4|D`y>#l2o!d^&UUX1qSJ$15^9{8drwL0<^itdVeBwoe8(in78TMZl zyOE^y*8iQz)NawGzc@n=?l!!0VPd79@ULRak{<;(Yx1fW%CkOLklb5(<))qYw1oXR z{w{MLWH+0dZC|o9hf{jr;aG!2g@)?W)0Z5O4~S6H%=?{M>?X~5W%0ii>{HGN`>$DF z ssh-ed25519 dASlBQ M9+Is0jGluDON67PhskJmo2l/3u3AviUOGCk3oex+SU +f/F0RyEX//9KSZ5ot0hV+ecfP6QJ6LeKHyzMEsytsTY +-> ssh-rsa jPaU3Q +ZVw8eLq8ilKf3TFhBT4SU2ps6jtfJkq4Z61BtWxMQ52/+tdtRZV1c58L3FfiE8Ot +bP4wNUC0Q/b/PZpvkPe2ABBr7ycDg+3VVl9gbKBKgk/6QCeSE5OubRUh1FZHZw1/ +nTo2YfBW2J5ktW24lM3taKnxVZivokb4yl/lb+qVnn4GW6AjNq1Xo3iRm4UJI1/Y +mlE2FXI1i7J6shakaJwJs1t5QHcswIdgVBtqQQBQMFeJc9yzlmInc2vDIeylgMKT +Sf82eNrTeBY4J4xAkPPJCSi7YKbm+BmKmPURthU+J3LuBhHZA/DxSfQKhTrjOjXx +dvV7/Ovs9lBwy+9mco/5U1+Xtnt/bLeTwpgZZclSzmzQncpwzh/s7fR6mhYzKWln +G9x5M/v0u8ipn7i2dzXVB8jd3hzDmuTGW7IQTKt/u8IJGJAhQ/8+dM6veiYQH1ue +rpo5TxMiw2P1pc3N5TiRJdRG9SOuxLjp9UbQ7l4iO5TLs6cV0I6sCSdW16Ks5C8i + +-> ssh-ed25519 f5VzMA /O0Y+7w6jbcaKNtzmgnvzV/VcDTZ8+iHTnw18oz2930 +d9LNhqAmMBy+ZVlVqbbAXv7gT82UVAFqT++N/XCa0Lo +--- HBJFGhhCaWq9ORHONafUcW9CCAsTJ7n1TQoE76zUJ+8 +Šö‘Í”EJW–Ûnz >0hkSCëÒäé"Û¬¥Î«ã &UÛ”•ÜœˆxÏ/+·º—ÛY§Î¿§æs:çÀ¤o¹+Ih)È?A@Ò·QÙŽ­l°C}ŸýÂÅÖ!¾\ùÆɾl \ No newline at end of file diff --git a/hosts/tard/hardware.nix b/hosts/tard/hardware.nix index 3cf4c2b..33b1cc1 100644 --- a/hosts/tard/hardware.nix +++ b/hosts/tard/hardware.nix @@ -1,9 +1,7 @@ { lib, modulesPath, ... }: with lib; systemConfiguration { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub = enabled { device = "/dev/vda"; diff --git a/keys.nix b/keys.nix index 9a57ed3..feeb872 100644 --- a/keys.nix +++ b/keys.nix @@ -3,5 +3,6 @@ disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk"; enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= said@enka"; pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXXxaxhkIMy0UyLOOnvwkNjzypS7D9kElHGKw8pZuFb said@pala"; + nine = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJDqnItmvXZMTSwzbalr+9jzS4kSJm5PWEpI8GOpebF seven@nine"; tard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzvLg5IvqGzqdiNUOsRLPdYC56wXXSYNo9QNlXwaCKw tail@tard"; } diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index 1967d20..48c3e10 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -37,6 +37,8 @@ in homeConfiguration { identityFile = "~/.ssh/id"; }; + # Maybe autogenerate these? + cube = { hostname = self.cube.networking.ipv4; user = "rgb"; @@ -49,6 +51,12 @@ in homeConfiguration { port = 2222; }; + nine = { + hostname = self.nine.networking.ipv4; + user = "seven"; + port = 2222; + }; + tard = { hostname = self.tard.networking.ipv4; user = "tail"; diff --git a/secrets.nix b/secrets.nix index e44086b..93d1be5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -35,6 +35,10 @@ in with keys; { "hosts/enka/password.orhan.age".publicKeys = admins; "hosts/enka/password.said.age".publicKeys = admins; + # nine + "hosts/nine/id.age".publicKeys = withAdmins nine; + "hosts/nine/password.seven.age".publicKeys = withAdmins nine; + # tard "hosts/tard/id.age".publicKeys = withAdmins tard; "hosts/tard/password.tail.age".publicKeys = withAdmins tard;