zaphyra's git: nixfiles

zaphyra and void's nixfiles

commit 13c67dce43ec225177f48d6119e9feee8fe6375f
parent c53e0e83678ca038c58b5e97e76182d80edf6fd3
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 20 May 2025 13:20:11 +0200

hosts: add host `morio`

3 files changed, 97 insertions(+), 26 deletions(-)
M
.sops.yaml
|
2
++
A
hosts/morio/default.nix
|
60
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
secrets/common.yaml
|
61
+++++++++++++++++++++++++++++++++++--------------------------
diff --git a/.sops.yaml b/.sops.yaml
@@ -2,12 +2,14 @@ keys:
     - &katja 9D7CACD7039E5AD616FD25879F935DB630A167E7
     - &void 321EFA52CF155E9FD646279E0FB0CA11985EB5F6
     - &huntii age12dxnl4upy7agngqztrnp6wnz5jcq4fp06nxngah9n7umr4v90cvs677azg
+    - &morio age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn
 
 creation_rules:
     - path_regex: secrets/common\.yaml$
       key_groups:
           - age:
                 - *huntii
+                - *morio
             pgp:
                 - *katja
                 - *void

diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix
@@ -0,0 +1,60 @@
+{
+
+  system = "x86_64-linux";
+  nixpkgsStable = true;
+
+  domain = "infra.zaphyra.eu";
+
+  sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFimeRkXE4Oa+IFpVBBMkIReDwjtRMQkTZY7HTGXN2yy";
+
+  hardware = {
+    cpuVendor = "intel";
+    allowHibernation = false;
+  };
+
+  networking = {
+    ip4IsPrivate    = false;
+    ip4Address      = "152.89.106.158";
+    ip4PrefixLength = 22;
+    defaultGateway4 = "152.89.104.1";
+
+    ip6IsPrivate    = false;
+    ip6Address      = "2a03:4000:39:e9a::1";
+    ip6PrefixLength = 64;
+    defaultGateway6 = "fe80::1";
+  };
+
+  configuration =
+    { config, pkgs, ... }:
+    {
+
+        boot.initrd.systemd.emergencyAccess = true;
+        boot.kernelPackages = pkgs.linuxPackages_latest;
+
+        modules = {
+          filesystem.rootDisk = {
+          enable = true;
+          encrypt = true;
+          type = "ext4";
+          path = "/dev/vda";
+          swap = {
+            enable = true;
+            size = "2G";
+          };
+        };
+
+        presets = {
+          base.enable = true;
+          katja.enable = true;
+          katja.syncthing.enable = false;
+          netcup.enable = true;
+        };
+
+        users.katja.enable = true;
+      };
+
+      system.stateVersion = "24.11";
+      home-manager.users.katja.home.stateVersion = "24.11";
+    };
+
+}

diff --git a/secrets/common.yaml b/secrets/common.yaml
@@ -8,44 +8,53 @@ sops:
         - recipient: age12dxnl4upy7agngqztrnp6wnz5jcq4fp06nxngah9n7umr4v90cvs677azg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2My9mTnRIMk1xZWpsU1Vs
-            dHVRVlJIeXRPWWFKcW10ZTBlTUZmU3FNcVRzCnBZTXVCQTB0ZnhaNjA0WmV4MFZL
-            emdHLzh5Rit4dDRpanRSRlY5clhsREUKLS0tIGRwRi9ZbmxHWnlKODJlWjZ3OW9z
-            YnJlNkZCcFIwK2VRYjI4VVIvWjlleG8KFs/f//rxxJkTGtmQ1HqE7olkGTqwrVNI
-            xBCNu0NBWttgNoJbZzPwRBAI1ZwYes6JC/3Ll4KoL7GpoQncb/pDFw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIc1diUTRjQVVuUFlJYjZy
+            OVlDNDFXNXM4eDkxMGlXcG5Tekt6cWRkUFdVCnQvQ2NoeGo2LzA5Tk5SaWIxSTM1
+            L2h3Yk1EbVNabHpNNkY3ZlFnRHN5Mk0KLS0tIFVnMW5vLy9HQUJEb2k4ejUwZXhl
+            WEJTVWdhelZXN1hUR2ptbHBESXU5bjAKHsfKnIP5OcbgN76MNK66vcS2r9EQO1ZN
+            BI7wUz93YT/5Pkzmxq/XGuUFO/SrkDbL54mCYs3IG7/tPTxCWhX+Vg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZTNrYnZQbWFjVzVhdFR6
+            cTdITmNNa1g1NFRQTmhHNHRpNU5yTDVGUDBFCldGY3dZZE1jd3hWT1RMRE9xTm5j
+            Y0ltZmN1S3lucE42aDV3aWpCNjNWQjAKLS0tIHQ2bEtPc25QeHVBaVE1NVR5VDRO
+            czVKaU4zSWp5T0owQ3lSMUtuNHpuSkEKZ/Sf6WPWZd7I/hMKHwaAPWIcFAbw/V6l
+            FSdJ6mqtrAmGIvImhNwzZ0ssP50LrqxdFmwR5dGZOJLA20pk3JhVTQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-05-16T09:43:09Z"
     mac: ENC[AES256_GCM,data:geMBTXwKRreULuqE1UaQFChfF61Fq3EL2H4meQavAtm/B5t+GXlf6wztFGMX78aZyrrZXM4Dh8EsfRh7ShMtInDqSN4CH3yrX4Cet2QLoTU7cQpdEOZArx0OogxqJ6awN331YOcyVtejKu9bW1LLhKDEn4QkaCzTZaQhludI9hw=,iv:CKAEqYWeKqlECB8bu8/AmqUAvz+NJ9sVT1cEMX9uGJ0=,tag:+1vxnuq9XS9eJIKlLuTvHA==,type:str]
     pgp:
-        - created_at: "2025-05-16T09:44:27Z"
+        - created_at: "2025-05-19T19:06:32Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAzmqVs6bjEjqARAAtgNcskJkmWrBCSlBZDIQo/W3FQ7o3bJbVGrIsty0SEIO
-            rGr4dyiwH3p28yjjOf2vrwm14i7zoS26aFNiS2Aom/3Vr8wG77tF5YXl0M+IF79f
-            28Mzj5oInL64O/iy9aHePQJCm4MWezSZmzqppmp0JaucTCwoKRachjI54myh26Kx
-            9/Q06qWCqgMqg+1dVq3/SgjcJtNxpjGpsJo8//lGKNYeMVd6f/r16JMrznmmCQl4
-            VxyW95XUj8LrXc/X9o03HOZdVD6+J8qgIZwClk80SDaLil+U3CswSVFwaHXelQPw
-            JdfimNr3xvFeCFzx5p0Lfke7svKVIgfbZcB/OPvQNuMEHN1ymzs7kP0NWwxLJ8Fw
-            kQG0j7wJyrNLkRGMNkh7aY0k5tE3Lk0iXr54n9X2zQ/ibWwTfgQwz/gZ4QoCYN0A
-            DyPCSCaFK+yk+UjPXsPHVeVhu32HQ+PfceXDB0ttaoks5Zo4jJ2a/tPzQyEr1gwQ
-            101UFHdZfrA4W0/EXeYHRpg24l8ctY3dcvGikDIuiFc6dOORE5Yr/mVjMmJdAm+l
-            KV5YuNEoXfohNuGfLnDy2J3OcylY74Ye0w5N4yd3w1tY9EAJmlGdhhDPDrr/cDuz
-            BLRpzXW4hrqRiJq3+C+50v4qqqIkyrHDxP8Xa4UFKEAPkaPh4uN06bJL6ZgO9qTS
-            XgH04bFJMy9eUdlHXRcJFPcv9cNvlAQb4Qd9RyfOsOSBMqcKwUE46HJOfhP6ZAxk
-            PVOBSveFrzYobUpLQKwYsEZrGybmpzi3JBKWbAqz8qYdHGesGMV+Owmg3X4tg2s=
-            =WZQT
+            hQIMAzmqVs6bjEjqAQ//aCbKA6nNApaBOoeHa0wVCp3FxsfkLUnadoZLVro7Xsb6
+            Hx1lm014RKhEPKapZhKhQxO+1gDfVhGe+Ms1MH3hxSa76GPs2LB+BmfSpeVXgmyO
+            nVLSe4Mp8Wnnl3tSTvu3PA6hcV237sHnX1hGNK/ObjqQlwmPmNbI+JHPPvNMxv31
+            LqfrM80RF9QM/0Tf/1aE9ZKbx7xk0CQulkKZSGKgsWBpMhSAtrHYRurCqPTDQatz
+            u713fGKYusyOvvpRMZ1qjyCeFA5GcVWQlKilWjJW8ykODpRFKg0MGzj+isQ5tnDz
+            pt0cRG9g3lzwmLoWzp2NWUSUQsg212orQknxkFT8A7TpyyxUd8qjbxdjDTaA4yQb
+            WyeevLNrO75BjXqgc7JQKy+NQMnixDt96XfKhUu2sh1VoiJKtP5wqbohuYQ8HLXH
+            h0UwWgeyLtpIJT9NfQbieRqHgLfhg6JBKV24HMiCF0Chj8a1ndO6xpprVc0lF2Zu
+            H12dh2Y2PsJcB7eekR7vzBDEOGlXvFcTo1XvEztAYiXsGWeE6aZEWZQH52V1YE69
+            eAWT8YvQD47zym0wIbKmONvF8p92nqrpmwv5PzPjSMNMw0uTGwEVPtK0GSVVyGu1
+            L/t7P6rBbafa6CX2ax4TeRP59f/1Y0v8N61T6fe+Y5CYPeEWYb+nIDqEDmI3upLS
+            XgHoLU7QX2XYRNWp57hJa1kq9Sx2mXCYT0lr1ISC7cyYxO8e7U/lHIyLZhP3tqBk
+            L5RQkWfDRDOml2zs8kKL90tXinZGNwwriMgVv91+PdxG5WABtO1lNXozjetJL3E=
+            =g+CW
             -----END PGP MESSAGE-----
           fp: 9D7CACD7039E5AD616FD25879F935DB630A167E7
-        - created_at: "2025-05-16T09:44:27Z"
+        - created_at: "2025-05-19T19:06:32Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4DaBViTd9dOpwSAQdA6gc6AHjtUH3/WBPKILjO7rrkHhMFW/XksJNqVm3kaDsw
-            Yns66WP0Zw9ukwIt4XGztez/dPPWZgJUE7Yzk3PBpXjhDS105/w1kaao9B4sMKQs
-            0l4BEIINqx+kVtHLHQRw1/2Yd7FCVJHqZEg5crPqAFKfHS+s3G2QKBBHUrKREaX0
-            76vKzX74oDEkSfScTvnfMqutyl6KsNRbpktqY3uEezFC/R2hnm1QjqlZf6c3SndB
-            =E1pg
+            hF4DaBViTd9dOpwSAQdAy1tN8Dhm5qeKSncJcKXWa5kjDzGb19+H009K/y5zOwAw
+            1kdUzI8XmjXJu32kpViXfR0bTQFfIDBtDyqaWuDPrt1OMdseS7Fxw6nflTdWkNJ1
+            0l4BIKKdWEBrSH7EhYMr1jRIkFNQ7RtL8e31JkVYM3HIhdI+VZ3lu1osMEyvTM/8
+            4FXt7383IpSv6Z+QkS1hIaC2GwB095CyWmWkVBsA1RHLUyveT8Z3PumO7959XZO5
+            =XOBf
             -----END PGP MESSAGE-----
           fp: 321EFA52CF155E9FD646279E0FB0CA11985EB5F6
     unencrypted_suffix: _unencrypted