nixos/microlith: initial import

2023-10-08 22:07:57 +00:00 · 2023-10-08 22:07:57 +00:00 · 7211f82a5a
parent 6647ce895e
commit 7211f82a5a
5 changed files with 72 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -102,6 +102,17 @@
            ./nixos/khas
          ];
        };
+
+        microlith = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            nibylandia-graphical
+            nibylandia-secureboot
+            nibylandia-gaming
+
+            ./nixos/microlith
+          ];
+        };
      };

      deploy.nodes.scylla = {
@ -128,6 +139,18 @@
        };
      };

+      deploy.nodes.microlith = {
+        fastConnection = false;
+        remoteBuild = true;
+        hostname = "microlith";
+        profiles.system = {
+          user = "root";
+          sshUser = "root";
+          path = deploy-rs.lib.x86_64-linux.activate.nixos
+            self.nixosConfigurations.microlith;
+        };
+      };
+
      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
--- a/nixos/microlith/default.nix
+++ b/nixos/microlith/default.nix
@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+{
+  networking.hostName = "microlith";
+  imports = [ ./hardware-configuration.nix ];
+  age.secrets.ar-password.file = ../../secrets/microlith-ar.age;
+
+  users.users.ar.hashedPasswordFile = config.age.secrets.ar-password.path;
+
+  virtualisation.docker.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 8000 8080 ];
+}
--- a/nixos/microlith/hardware-configuration.nix
+++ b/nixos/microlith/hardware-configuration.nix
@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+  boot.initrd.availableKernelModules =
+    [ "nvme" "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ];
+
+  boot.kernelParams = [ "pci=realloc,assign-busses,hpbussize=0x33" ];
+  services.hardware.bolt.enable = true;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/71eb7f26-3872-45cc-8456-c801ab342017";
+    fsType = "xfs";
+  };
+
+  boot.initrd.luks.devices."microlith".device =
+    "/dev/disk/by-uuid/3b53f78f-4d3f-4b3b-b7c8-640fe450f122";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/F0CC-B537";
+    fsType = "vfat";
+  };
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -13,11 +13,14 @@ let
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
  stereolith =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
+  microlith =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDghNuH/3G+0BXwrBZWZXX0V3K0tfu/Q/AKokLXY5zTD";
 in {

  "secrets/secureboot-key.age".publicKeys = ar ++ [ khas ];
  "secrets/secureboot-cert.age".publicKeys = ar ++ [ khas ];
  "secrets/khas-ar.age".publicKeys = ar ++ [ khas ];
+  "secrets/microlith-ar.age".publicKeys = ar ++ [ microlith ];
  "secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
  "secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
  "secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
--- a/secrets/microlith-ar.age
+++ b/secrets/microlith-ar.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 kY4Rgg ZvCnJqq6HaqgX4Q9yl4mmKTOfqP53FC1GQIqbk3GMDI
+4p6uWhMyHycNE0ZhhllGhs05f1phPdD2srGCM1qw4P8
+-> ssh-ed25519 grc4Uw 7+nFSDy/p/0s/AJzn8FQ/T1zNjS6Sg/dduVup9dMKVs
+g+F6iNo3E9kNxs2OMYL8O4zd9XDMKNzh2MhqmXjPWfg
+-> ssh-ed25519 +VS7xA QnxTSiZ/fF11ndXl9ZmIMAquzMCsRWuBCwM8hwvOzhM
+3cXK2N0B/Lf2CJa14qeAnjdrxxzQqjTq8IBkDbvNiVQ
+-> Re-grease y +%inJ{2 l~~I6FmL ONUQ
+dSBfKTO5uQ
+--- HWEBIBXBwiqR09jE4y5Tb7Y1CscpBvkCd25Jxbzf4uA
+¸Áç’¸_º—’ËL4®‡€iHÚãÖ‘ÅÕµA¥vÊžßøž!’¨æoHùãÄ.`»®\<5C>é“»öG&œtD“úeíŸÅóÆ æŸ·ô—e/ÝÖ,´‡ÊÒü=•¹Ãí±»î¼Ÿm8—]¡€æm7ÛIªb1„$3gQ¤´ª“9¼‘Òh¬ ò€A<E282AC>