nixos/microlith: initial import
parent
6647ce895e
commit
7211f82a5a
23
flake.nix
23
flake.nix
|
@ -102,6 +102,17 @@
|
|||
./nixos/khas
|
||||
];
|
||||
};
|
||||
|
||||
microlith = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
nibylandia-graphical
|
||||
nibylandia-secureboot
|
||||
nibylandia-gaming
|
||||
|
||||
./nixos/microlith
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
deploy.nodes.scylla = {
|
||||
|
@ -128,6 +139,18 @@
|
|||
};
|
||||
};
|
||||
|
||||
deploy.nodes.microlith = {
|
||||
fastConnection = false;
|
||||
remoteBuild = true;
|
||||
hostname = "microlith";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
sshUser = "root";
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.microlith;
|
||||
};
|
||||
};
|
||||
|
||||
checks = builtins.mapAttrs
|
||||
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||
};
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "microlith";
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
age.secrets.ar-password.file = ../../secrets/microlith-ar.age;
|
||||
|
||||
users.users.ar.hashedPasswordFile = config.age.secrets.ar-password.path;
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8000 8080 ];
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ];
|
||||
|
||||
boot.kernelParams = [ "pci=realloc,assign-busses,hpbussize=0x33" ];
|
||||
services.hardware.bolt.enable = true;
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/71eb7f26-3872-45cc-8456-c801ab342017";
|
||||
fsType = "xfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."microlith".device =
|
||||
"/dev/disk/by-uuid/3b53f78f-4d3f-4b3b-b7c8-640fe450f122";
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/F0CC-B537";
|
||||
fsType = "vfat";
|
||||
};
|
||||
}
|
|
@ -13,11 +13,14 @@ let
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
|
||||
stereolith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
|
||||
microlith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDghNuH/3G+0BXwrBZWZXX0V3K0tfu/Q/AKokLXY5zTD";
|
||||
in {
|
||||
|
||||
"secrets/secureboot-key.age".publicKeys = ar ++ [ khas ];
|
||||
"secrets/secureboot-cert.age".publicKeys = ar ++ [ khas ];
|
||||
"secrets/khas-ar.age".publicKeys = ar ++ [ khas ];
|
||||
"secrets/microlith-ar.age".publicKeys = ar ++ [ microlith ];
|
||||
"secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg ZvCnJqq6HaqgX4Q9yl4mmKTOfqP53FC1GQIqbk3GMDI
|
||||
4p6uWhMyHycNE0ZhhllGhs05f1phPdD2srGCM1qw4P8
|
||||
-> ssh-ed25519 grc4Uw 7+nFSDy/p/0s/AJzn8FQ/T1zNjS6Sg/dduVup9dMKVs
|
||||
g+F6iNo3E9kNxs2OMYL8O4zd9XDMKNzh2MhqmXjPWfg
|
||||
-> ssh-ed25519 +VS7xA QnxTSiZ/fF11ndXl9ZmIMAquzMCsRWuBCwM8hwvOzhM
|
||||
3cXK2N0B/Lf2CJa14qeAnjdrxxzQqjTq8IBkDbvNiVQ
|
||||
-> Re-grease y +%inJ{2 l~~I6FmL ONUQ
|
||||
dSBfKTO5uQ
|
||||
--- HWEBIBXBwiqR09jE4y5Tb7Y1CscpBvkCd25Jxbzf4uA
|
||||
¸Áç’¸_º—’ËL4®‡€iHÚãÖ‘ÅÕµA¥vÊžßøž!’¨æoHùãÄ.`»®\<5C>é“»öG&œtD“úeíŸÅóÆ æŸ·ô—e/ÝÖ,´‡ÊÒü=•¹Ãí±»î¼Ÿm8—]¡€æm7ÛIªb1„$3gQ¤´ª“9¼‘Òh¬ ò€A<E282AC>
|
Loading…
Reference in New Issue