From 5e49413fd0811925c12f9762b54397d6df7bd743 Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Tue, 19 Nov 2024 19:10:40 -0800 Subject: [PATCH] feat: gengetsu init, nf-fmt-nix --- nixos/users/kat.nix | 3 +- systems/gengetsu/default.nix | 20 +++++++++++++ systems/gengetsu/nixos.nix | 46 ++++++++++++++++++++++++++++ systems/gengetsu/secrets.yaml | 56 +++++++++++++++++++++++++++++++++++ 4 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 systems/gengetsu/default.nix create mode 100644 systems/gengetsu/nixos.nix create mode 100644 systems/gengetsu/secrets.yaml diff --git a/nixos/users/kat.nix b/nixos/users/kat.nix index b8c54288..40808a39 100644 --- a/nixos/users/kat.nix +++ b/nixos/users/kat.nix @@ -17,7 +17,8 @@ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12 078 454" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII74JrgGsDQ6r7tD7+k3ykxXV7DpeeFRscPMxrBsDPhz kat@goliath" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi" - ]; + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIC3RkyoQ74bb4NGv1H1bZAz5ROO0Zr6FT8TYpowgGUp kat@chen" + ]; }; users.groups.kat = {name, ...}: { gid = config.users.users.${name}.uid; diff --git a/systems/gengetsu/default.nix b/systems/gengetsu/default.nix new file mode 100644 index 00000000..4a73fb0f --- /dev/null +++ b/systems/gengetsu/default.nix @@ -0,0 +1,20 @@ +_: { + imports = [ + ]; + arch = "x86_64"; + type = "NixOS"; + modules = [ + ./nixos.nix + ]; + deploy.hostname = "10.1.1.204"; + deploy.sshOpts = []; + #exports = { + #services = { + #}; + #}; + network.networks = { + local = { + address4 = "10.1.1.204"; + }; + }; +} diff --git a/systems/gengetsu/nixos.nix b/systems/gengetsu/nixos.nix new file mode 100644 index 00000000..64a5030f --- /dev/null +++ b/systems/gengetsu/nixos.nix @@ -0,0 +1,46 @@ +{ + meta, + config, + lib, + modulesPath, + pkgs, + ... +}: { + imports = let + inherit (meta) nixos; + in [ + #nixos.sops + nixos.base + ]; + + boot = { + initrd = { + availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; + kernelModules = []; + }; + kernelModules = []; + extraModulePackages = []; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/bf317f5d-ffc2-45fd-9621-b645ff7223fc"; + fsType = "xfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/CA62-7FDF"; + fsType = "vfat"; + options = ["fmask=0077" "dmask=0077"]; + }; + }; + + environment.systemPackages = [ + pkgs.ipmitool + ]; + + system.stateVersion = "24.05"; +} diff --git a/systems/gengetsu/secrets.yaml b/systems/gengetsu/secrets.yaml new file mode 100644 index 00000000..a8757555 --- /dev/null +++ b/systems/gengetsu/secrets.yaml @@ -0,0 +1,56 @@ +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUGdqR0lBTFNycWJFZW5m + YU5WY0dQc01HQ0N4ZjFHdDN5cW16TXFLWEhzCnc5cTJ3MHBQNlp0bE5HY1hRcnpi + bzF3eEIxMU1sL2N0R3hGNUhOZWdFQUUKLS0tIHhSQzNRZ3lwV0o2TEs4elBabDQy + VG9hNEpQeW5KNTBvSTBsN0NsQWxJbE0KvkUsGZhEQ7wwuYrW7R3HARtH0/XzWLoy + 6S2cdIzeuXKogXujv+vd4zzkO1tKuwxhfrhK1EVX5LL7YuK0n66AkQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-13T20:06:41Z" + mac: ENC[AES256_GCM,data:CBVQ8xAuOniojJdAo/bNvdDwi2QdZ4IZ/cgBDTQBrxiRlsukTcqZ+PvtR2bvDZAgsHEGuL1m4qTWPlBnFYBONZ5akomZ4YRAzlUd3OcpnEQn3RVQyGhimc1D8ZJgTeSam6dykt/IFpnGwPDxgwGqgRP3WqmLJn/eKfI18ZZusMQ=,iv:9n0wiYBh02eXYEP8n7RBPOcK5UBxo6r3iKBZIJ7GN6w=,tag:QwT5PR1tvqlawSw99lR9kg==,type:str] + pgp: + - created_at: "2024-05-13T20:06:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UARAAwaLDkpKHWq5hTBp1DQ5mxDYosBnTHb43lh33k94vm4g2 + 6ut7B3gRImMaKdcJ3fbrg7tTVpaJkVA9qHuiiA9k/SjFKas1Zj1k9KJz+vqR0m6Q + sf5lgfUDL+eNeCMcuuo8zLMC5vDm3bkvffdj/2XOxKy0uGX/Rodm1yz7QUFSoUny + eYpJPXEX1zsQ4abK/Ck6q+3lCunHv5Df2Rw5U4piLC0e3kFc0NsQCNd2CavmzHkH + Us9nVZIlSgs6YeX4fFKxQwpvdDCg2dzuBnzkAgXu9LpxKBiAXPDZR6ymsUqtsFPk + wIIWVZablhVnEE2AeqzP1h8XLcS2gtBV/ikAlh8Q5stg8ZwynMYGUs4UctqNLr12 + D7FzNBdQVgnAdYR3hJIHTmVbKl1sKUcSVdWDSEZS0iQEHht8AxRPpoq69ahb5sZG + g0swYM8CIzS7MZarf4xu5Se2Oc6XjFGZXne0m+o+FTlJwt0HMgQpT7QUsuI29rRt + PU2CbsZiNvBeG7DNa8PxmOcr+RqgRieCxO7sqnXEaLM5DLw7goB1t/O0RhFwbh0F + iFEhb4EiIqctU7ZsdL+LL/D/AhOX2bRxOLh8lOQNwgbcLZqNg3CozPutZTemgirI + Au6MWj51GwmUL3nPF1uGrA1bTInpBQYFzHcQXTvmBl7a+oEpsMTJXXFi3grPegrS + XgEPu3/ymGRBbSzcfDqOTvynw57Z2WuqZhpRkz8zKnLLZvKXkuoCXzaXwkKBH3Jl + 8bymsNSnYsx9JSJRihQVDwCHnKL1nSJVRwweQTH7IwSDpy9tGRQ49K82daOIx98= + =f/a0 + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-05-13T20:06:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA2W9MER3HLb7AQgArIaJ05lMr2k4v07xGpsE0yMAcOXcgVUWBu7frgml2Mj0 + vUQzyODyHc/C4bgzPGorQjeQyDN2ZAS8tLS3gkRuze/tF74uU/7cA6AgOBQ07t2G + kCgogymIWKbaLUJF52cuZUyWsyZezZMBFZ6JXvrU3XpX9Xd4GCBt7lBWZHWaDxLc + Fj9wwYFjwSltBhd1lQrLZOCcwbY/aEWaqM/mKM/9eo3tLzDA6nIEK0n4vNyBho+5 + jjN85/3t73su/aMQO27NWsiwseAxGwlgCz3G9ib2OMG8Dj1DxDj5SeGJDFEeGYu4 + lC1OhLcBxReVnCb/0fva0SWqsXQWDi5zIOQoJoY+stJeAZ9lpq8aGM295eK9m+Yq + d4eLzgf+BKB0lwqAMxLkyLhWJMy+Wrxw6c/Pvej7lmIJnnMuJ6hOIcXYwTnj6DpA + cQR8DVJHLHS2Tp6RKxZ/05Y3Rhd1BCatvewBqbv3rA== + =bD1x + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.8.1