RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 18:17:44 +00:00
Code Issues Activity

feat: add best host

Browse source
This commit is contained in:
RGBCube 2025-02-25 00:44:54 +03:00
parent 4f84f97dca
commit f959f7a532
Signed by: RGBCube
SSH key fingerprint: SHA256:CzqbPcfwt+GxFYNnFVCqoN5Itn4YFrshg1TrnACpA5M
7 changed files with 118 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -6,6 +6,8 @@
!hosts/
!hosts/best/
!hosts/cube/
!hosts/cube/matrix/
!hosts/cube/nextcloud/

66
hosts/best/default.nix Normal file
View file

@ -0,0 +1,66 @@
lib: lib.nixosSystem ({ config, keys, lib, ... }: let
inherit (lib) collectNix remove;
in {
imports = collectNix ./. |> remove ./default.nix;
secrets.id.file = ./id.age;
services.openssh.hostKeys = [{
type = "ed25519";
path = config.secrets.id.path;
}];
secrets.thePassword.file = ./password.the.age;
users.users = {
root.hashedPasswordFile = config.secrets.thePassword.path;
the = {
description = "The";
openssh.authorizedKeys.keys = keys.admins;
hashedPasswordFile = config.secrets.thePassword.path;
isNormalUser = true;
extraGroups = [ "wheel" ];
};
backup = {
description = "Backup";
openssh.authorizedKeys.keys = keys.all;
hashedPasswordFile = config.secrets.thePassword.path;
isNormalUser = true;
};
};
home-manager.users = {
root = {};
the = {};
backup = {};
};
networking = let
interface = "ens3";
in {
hostName = "best";
ipv4.address = "152.53.236.46";
ipv6.address = "2a0a:4cc0:c0:6c66::";
domain = "rgbcu.be";
defaultGateway = {
inherit interface;
address = "152.53.236.1";
};
defaultGateway6 = {
inherit interface;
address = "fe80::1";
};
};
nixpkgs.hostPlatform = "x86_64-linux";
system.stateVersion = "25.05";
home-manager.sharedModules = [{
home.stateVersion = "25.05";
}];
})

30
hosts/best/hardware.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, modulesPath, ... }: let
inherit (lib) enabled;
in {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub = enabled {
efiSupport = false;
device = "/dev/vda";
};
boot.initrd.availableKernelModules = [
"ata_piix"
"sr_mod"
"uhci_hcd"
"virtio_blk"
"virtio_pci"
];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "btrfs";
options = [ "noatime" ];
};
fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = [ "noatime" ];
};
}

8
hosts/best/password.the.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 8y3T6w vDzwouIZ67XFvFZLFf3jDGoq6ZeZVfeSGDKGjCbI3iY
ZUHQ/YMOnmkZHnqxJtGgm/o9WZdViJKYWPksj51puLM
-> ssh-ed25519 CzqbPQ jyApxYHc2FOrM3oR7Jh412Y0y4+efXkm8HU9PWpogmw
6RbQFjgFupAQ/qeKUR6v6TvunYq/vdWMNp9ujeIFRIo
--- fW+OThAIrc1eOx4ZMnr/AEfnC8sld4/fj2DmTVISTW4
Ú…LÆœþØe@Ò«@í²—(¡Û>(ó„è£3o»²üÐÍç™ÔY ( ¹
Õ*JÝØðXמC½º[iê×pyxµäØà`Wf¿H7ýx*obý%*¢nÜ£#5³nG

1
keys.nix
View file

@ -1,5 +1,6 @@
let
keys = {
best = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUsMV591/9VqzjBiMqdxJId0C7PlZTIXQByHEILWMwc the@best";
cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkWUQ6Z4OK539tore/R5wnueNPPaX532RUAld8UOCo pala@pala";

6
modules/common/ssh/default.nix
View file

@ -34,6 +34,12 @@ in {
# TODO: Maybe autogenerate these?
best = {
hostname = self.best.networking.ipv4.address;
user = "the";
port = 2222;
};
cube = {
hostname = self.cube.networking.ipv4.address;
user = "rgb";

6
secrets.nix
View file

@ -1,6 +1,10 @@
let
inherit (import ./keys.nix) cube disk nine admins all;
inherit (import ./keys.nix) best cube disk nine admins all;
in {
# best
"hosts/best/id.age".publicKeys = [ best ] ++ admins;
"hosts/best/password.the.age".publicKeys = [ best ] ++ admins;
# cube
"hosts/cube/forgejo/password.runner.age".publicKeys = [ cube ] ++ admins;
"hosts/cube/grafana/password.age".publicKeys = [ cube ] ++ admins;