feat(sakuya): new machine!

2026-02-09 20:39:18 -08:00 · 2024-09-05 00:57:19 -07:00 · 2024-09-05 00:57:19 -07:00 · c2089adbc7
commit c2089adbc7
parent b84cd5bd1b
6 changed files with 306 additions and 150 deletions
--- a/systems/sakuya/default.nix
+++ b/systems/sakuya/default.nix
@ -0,0 +1,27 @@
+_: {
+  arch = "aarch64";
+  type = "NixOS";
+  ci.allowFailure = true;
+  access.online.enable = false;
+  modules = [
+    ./nixos.nix
+  ];
+deploy = {
+hostname = "10.1.1.50";
+};
+  network.networks = {
+    tail = {
+      #address4 = "100.70.124.79";
+      #address6 = "fd7a:115c:a1e0::b001:7c4f";
+    };
+    local = {
+      macAddress = "02:ba:46:f8:40:52";
+      address4 = "10.1.1.50";
+    };
+  };
+  exports = {
+    services = {
+      tailscale.enable = true;
+    };
+  };
+}
--- a/systems/sakuya/nixos.nix
+++ b/systems/sakuya/nixos.nix
@ -0,0 +1,46 @@
+{ config, meta, ... }: {
+
+  imports = let
+    inherit (meta) nixos;
+   in [
+    nixos.sops
+    nixos.tailscale
+  ];
+  boot.loader = {
+    grub.enable = false;
+    generic-extlinux-compatible.enable = true;
+  };
+
+  fileSystems."/" = {
+      device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  networking.useNetworkd = true;
+  systemd.network = {
+    networks."40-end0" = {
+      inherit (config.systemd.network.links.end0) matchConfig;
+      address = ["10.1.1.50/24"];
+      gateway = ["10.1.1.1"];
+      DHCP = "no";
+      networkConfig = {
+        IPv6AcceptRA = true;
+      };
+      linkConfig = {
+        Multicast = true;
+      };
+    };
+    links.end0 = {
+      matchConfig = {
+        Type = "ether";
+        MACAddress = "02:ba:46:f8:40:52";
+      };
+      linkConfig = {
+        WakeOnLan = "magic";
+      };
+    };
+  };
+  sops.defaultSopsFile = ./secrets.yaml;
+
+  system.stateVersion = "24.11";
+}
--- a/systems/sakuya/secrets.yaml
+++ b/systems/sakuya/secrets.yaml
@ -0,0 +1,57 @@
+tailscale-key: ENC[AES256_GCM,data:MnCZvQHOE4rtQ0snTo1igA0HSP0vsa1tx2AU3mdyaoNof7L1/73fKOk7sU1pj1xPfEONt+g0vQvCuqpWdA==,iv:IbcL4oYiulQhMCdlLneC2xF5ytNvZgv/1pw1KzprOvQ=,tag:B9hK7l3mEH5VwaknchlBNQ==,type:str]
+sops:
+    shamir_threshold: 1
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ehdj6hghtr8sf5s5c03rru4y3a02nwrt694e36tjnd6g7eq4l43qfradn6
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBua09JNmxOK0VMc3BQeTJk
+            aHhTdzJ1VkIwTndsUWlFQ1VTNGJhWEhEdTNRCjc2cUREcThZSnVTU0c1Y1kyUDl3
+            SWtGR21yditWdThib2dlZGlaZytTbTQKLS0tIDREUmhVNFNFcXhacUhnemwvalV5
+            TlhHWmdGY2NNUFVTNFM0QlFnZG9kMzQKTmEA+Q18XxHwGD28kmO+M/TXw1wJLo8m
+            Ea8/36iM04M/ik5EH9GrWGp8ctX7Mp4p+VqDr3WNwSFZZFBp7sga+Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-05T07:37:01Z"
+    mac: ENC[AES256_GCM,data:2Q48p8IS8gHjzYkYahrRGwqMTRR9WbL8DykcgbLrPZYn0BaM7n6XfNKBhlM5jk9WZ1lF1KD89YNAnsY+QUUZzr9zBoX8JCWDU/YABSC2FuJKjn5wIUlGzRJJ92T/95KJVXmRiE6CzXukXWIApWagPRjF8B3UbJb9K0BmniKVmFU=,iv:7FdZaWEV/Y3seIhFguQiHlbop0etZnb/RGgvVWjm/oY=,tag:Om7nsDsyzNK+AorZYFg7mQ==,type:str]
+    pgp:
+        - created_at: "2024-09-05T07:54:38Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA82M54yws73UAQ/9E+4Nr8P/ZdhSeVo9unUthyLDj3VKYUrGa5AkjcIDbK85
+            7FtFjzevVNvYvSlZtD+pw6H/u2AS5mYN0X3+Ee4DrMOzvVnad7x7shF0sv2kGpY1
+            YAjMkUvkpE+q2DPD6U3rwIJnYCbfW+S3jZPgyf+XmLh4fjOfIgL5GN2GziEqNKkf
+            i4MkgWtoEOf8NYDruRNdnWGwgXc6y3DCa7RkmFdK+ZDGSHZij4n4EDntoLi/EbeZ
+            K+E3eTPYRDVUMMIAxSDuKl9sNhTcopudTWf6zjcUdK2T8loIfKwhwH9nmnykrAx+
+            eXSEyUrTcn0K1MrxIVS1RZ+vfvb7M+IscnjZ62vUAQGOsdW7Y548pRoQq9M1jdWE
+            fIJW34dpdf6QzXdOsqfNvxMXHZup5XRvuXMsbL/oweP+gqlq8P8dTLiobaODscW9
+            Avd0PcQ3flkGudbSUh7femFbMsIS6/BVWuGeWALbq+UFL9yNA+Xd9cdOBbA12uBK
+            /zh9xmR2qlWgDg1GDRkl2vLULd7sD571mOJS/53xSlzjaY8ETMZwhrwwhgulFnVL
+            jGIJ3VdEVwoHlm4wOkW3/MyxkMExQKtLYFm0rGrRHvgmqK9LdiNewo6fvwzlsbjq
+            /f1uIOnMgDDfirC+oODCQ8XWKWFChoasuoyc7cNGklTPRaZFkk80qdplbTsUsvDS
+            XgEqR2/AIRiU1782o7WjaXxvGLO8KNQeSPXyEGEoIafB77vUf0RpiQ+L//n65BZo
+            uZwnEcx+dmzmnH2N3JkyXgEytf0zBWiUpPyilIWhZAVYZIRYYuNMCE7ZiYe2/d4=
+            =Sg+M
+            -----END PGP MESSAGE-----
+          fp: CD8CE78CB0B3BDD4
+        - created_at: "2024-09-05T07:54:38Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA2W9MER3HLb7AQgAxfHLjKmHlCztdD67lkFkF7ugeZlE3ADUhmVgkyaw4OJC
+            tixKcl8dsaIYpW+QeE5NFnXYaW2ypfvuN0KpG1vj7hg0HkvTJUiVGSFt9VLNvpfx
+            iHyHPhKBAWgcD1MwJOLcmn2CyHucSYj4rbIOywv2rXgsiVwEzQlPY5ioXmu0RiWD
+            DPJEcA/s1a7cBkuxYL1j/c0yuqvzyFXWkgggUGMH5nQJc430muj17/TgOQzx/9gC
+            ea+PtRnSbRRYdYnzqSrNFpC+IDiKotluU8dawWgTERPDUZoJkjFWOGEZf5c6Qdz7
+            VNw4mfMzswhfkF2F6eVAEmun77rUm8yG3L3ryq70ldJeAcaP29EwWnl3j/DPzuhL
+            pnNzrBSyjeIIXU8oBOFe8gST6iuZFsjc+c6fMpLaeEzrhKry7HaoErGTcnhUB0U7
+            Cdh46/fsr4ZmXE0fDeBeu0+6BUwgwo9Iq0oswTiRIQ==
+            =2YsX
+            -----END PGP MESSAGE-----
+          fp: 65BD3044771CB6FB
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0