commit 61701e9af73a46083ede1a6388798f5c4cb19f57
parent 13c67dce43ec225177f48d6119e9feee8fe6375f
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 21 May 2025 12:56:25 +0200
parent 13c67dce43ec225177f48d6119e9feee8fe6375f
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 21 May 2025 12:56:25 +0200
hosts: add host `novus`
3 files changed, 106 insertions(+), 33 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &void 321EFA52CF155E9FD646279E0FB0CA11985EB5F6 - &huntii age12dxnl4upy7agngqztrnp6wnz5jcq4fp06nxngah9n7umr4v90cvs677azg - &morio age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn + - &novus age1tud4lvpmpx5nqceyp09ls9ej8l80zlh29d8cpjxcajfnnyy85fvqs63snm creation_rules: - path_regex: secrets/common\.yaml$ @@ -10,6 +11,7 @@ creation_rules: - age: - *huntii - *morio + - *novus pgp: - *katja - *void
diff --git a/hosts/novus/default.nix b/hosts/novus/default.nix @@ -0,0 +1,62 @@ +{ + + system = "x86_64-linux"; + nixpkgsStable = true; + + domain = "infra.zaphyra.eu"; + + sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrPIC3CoGpLDxsz1kiOXpv7EpNoFEgI6nCNckD69rpJ"; + + hardware = { + cpuVendor = "intel"; + allowHibernation = false; + }; + + networking = { + ip4IsPrivate = false; + ip4Address = "194.36.145.49"; + ip4PrefixLength = 22; + defaultGateway4 = "194.36.144.1"; + + ip6IsPrivate = false; + ip6Address = "2a03:4000:4d:5e::1"; + ip6PrefixLength = 64; + defaultGateway6 = "fe80::1"; + }; + + configuration = + { config, pkgs, ... }: + { + + boot.initrd.systemd.emergencyAccess = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + + modules = { + filesystem.rootDisk = { + enable = true; + encrypt = true; + type = "ext4"; + path = "/dev/vda"; + swap = { + enable = true; + size = "2G"; + }; + }; + + presets = { + base.enable = true; + netcup.enable = true; + katja = { + enable = true; + syncthing.enable = false; + }; + }; + + users.katja.enable = true; + }; + + system.stateVersion = "24.11"; + home-manager.users.katja.home.stateVersion = "24.11"; + }; + +}
diff --git a/secrets/common.yaml b/secrets/common.yaml @@ -8,53 +8,62 @@ sops: - recipient: age12dxnl4upy7agngqztrnp6wnz5jcq4fp06nxngah9n7umr4v90cvs677azg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIc1diUTRjQVVuUFlJYjZy - OVlDNDFXNXM4eDkxMGlXcG5Tekt6cWRkUFdVCnQvQ2NoeGo2LzA5Tk5SaWIxSTM1 - L2h3Yk1EbVNabHpNNkY3ZlFnRHN5Mk0KLS0tIFVnMW5vLy9HQUJEb2k4ejUwZXhl - WEJTVWdhelZXN1hUR2ptbHBESXU5bjAKHsfKnIP5OcbgN76MNK66vcS2r9EQO1ZN - BI7wUz93YT/5Pkzmxq/XGuUFO/SrkDbL54mCYs3IG7/tPTxCWhX+Vg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdkNSSFV4R0RySis3MUxD + RVZraXpBVUQ0eElNRzUveGVvanBtR3R1Z25vClZTN1VNL1ovbytXQXVlV0NHSmtw + UWZLSU9KVkx1c2V2WC84ZjhWbzdXMEEKLS0tIEtXaTNDK25KM2xGYmZkdEovRmJw + QjR4RjY0V296NnF5b252OXh0Q1p1ZzAK3bw8c++BZrY4SdXlR/EyuzK0aSsWah9x + kDCSpxNLWyXUdKfg1olYXuVErIgN8p9WTDluaaRcua0g9PE8AC3WZg== -----END AGE ENCRYPTED FILE----- - recipient: age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZTNrYnZQbWFjVzVhdFR6 - cTdITmNNa1g1NFRQTmhHNHRpNU5yTDVGUDBFCldGY3dZZE1jd3hWT1RMRE9xTm5j - Y0ltZmN1S3lucE42aDV3aWpCNjNWQjAKLS0tIHQ2bEtPc25QeHVBaVE1NVR5VDRO - czVKaU4zSWp5T0owQ3lSMUtuNHpuSkEKZ/Sf6WPWZd7I/hMKHwaAPWIcFAbw/V6l - FSdJ6mqtrAmGIvImhNwzZ0ssP50LrqxdFmwR5dGZOJLA20pk3JhVTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ejdTNEl2azJVUWpEMDha + NzFDZUE1Y21yaVJWTlZ0Q2w4b1Yrb1V1b1NjCldUS0J3Mld2S1NnTzE1ZW5Yc0Zi + VTh4Q2JzTnpzck5OOGZRVVdEVENFVFUKLS0tIFF6aXVBZXU4Z1VmVnhHZzVXS1ZN + MWRGZXlqaEJiT3VBdzFDWWx3RGJsZUEK+1aozxblsZShC0Pl4zqM9n+8R7ljj9Sz + OuAShX0LkIb3nl4FcNmlCJj9OyTFUl+R1RTZNlts7bop5Hq11Hq2+A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-16T09:43:09Z" - mac: ENC[AES256_GCM,data:geMBTXwKRreULuqE1UaQFChfF61Fq3EL2H4meQavAtm/B5t+GXlf6wztFGMX78aZyrrZXM4Dh8EsfRh7ShMtInDqSN4CH3yrX4Cet2QLoTU7cQpdEOZArx0OogxqJ6awN331YOcyVtejKu9bW1LLhKDEn4QkaCzTZaQhludI9hw=,iv:CKAEqYWeKqlECB8bu8/AmqUAvz+NJ9sVT1cEMX9uGJ0=,tag:+1vxnuq9XS9eJIKlLuTvHA==,type:str] + - recipient: age1tud4lvpmpx5nqceyp09ls9ej8l80zlh29d8cpjxcajfnnyy85fvqs63snm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNzVCWUc4MHhnd2NGa1Nt + eG9TMmNubHlmcmFLUWRtWVJ4NjFYS0taS0I0ClF6QXp3aXd1SWpKNitaQ1RzV3Vq + VjZZajV5dTEvZ0RNdmlkY0h5bWIxMFUKLS0tIHB2TVVqZmhGUVU0dm9oZ3RwRWVn + Ti9mMzB1Ri9LbnhVYnB4S1ZRdktreEEKNCi9wEdj4qruCrL+pdq8D8Q/mTimBLaR + pQIFd6SZLf93PnOiza/9xfhAMYqjk5EIL49jVVZ9m5OOMGOzGn9HiA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-21T10:21:20Z" + mac: ENC[AES256_GCM,data:B/s3mTdeFWVsMJwE3DmMEzN9/WC3V0MgWXDIdEDsuWX000Bjy4GnDAKiBZAwqj2DEsPjOsaxVa5QqHOOfY6D0Ld/IbFgJ4+7TOz9qstRV37G2gjCB5IS770jL/snxRXpmqZzWTvpBsJcQAyqONx6tXW2aIfw94YB+7ut3+jHupY=,iv:fCIF7iK+OlLcBujOxkKRR5sp6zf19LTYD74Fz+NOe4Q=,tag:Ha9k9v4JY/el61inZbMXFQ==,type:str] pgp: - - created_at: "2025-05-19T19:06:32Z" + - created_at: "2025-05-21T10:21:09Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzmqVs6bjEjqAQ//aCbKA6nNApaBOoeHa0wVCp3FxsfkLUnadoZLVro7Xsb6 - Hx1lm014RKhEPKapZhKhQxO+1gDfVhGe+Ms1MH3hxSa76GPs2LB+BmfSpeVXgmyO - nVLSe4Mp8Wnnl3tSTvu3PA6hcV237sHnX1hGNK/ObjqQlwmPmNbI+JHPPvNMxv31 - LqfrM80RF9QM/0Tf/1aE9ZKbx7xk0CQulkKZSGKgsWBpMhSAtrHYRurCqPTDQatz - u713fGKYusyOvvpRMZ1qjyCeFA5GcVWQlKilWjJW8ykODpRFKg0MGzj+isQ5tnDz - pt0cRG9g3lzwmLoWzp2NWUSUQsg212orQknxkFT8A7TpyyxUd8qjbxdjDTaA4yQb - WyeevLNrO75BjXqgc7JQKy+NQMnixDt96XfKhUu2sh1VoiJKtP5wqbohuYQ8HLXH - h0UwWgeyLtpIJT9NfQbieRqHgLfhg6JBKV24HMiCF0Chj8a1ndO6xpprVc0lF2Zu - H12dh2Y2PsJcB7eekR7vzBDEOGlXvFcTo1XvEztAYiXsGWeE6aZEWZQH52V1YE69 - eAWT8YvQD47zym0wIbKmONvF8p92nqrpmwv5PzPjSMNMw0uTGwEVPtK0GSVVyGu1 - L/t7P6rBbafa6CX2ax4TeRP59f/1Y0v8N61T6fe+Y5CYPeEWYb+nIDqEDmI3upLS - XgHoLU7QX2XYRNWp57hJa1kq9Sx2mXCYT0lr1ISC7cyYxO8e7U/lHIyLZhP3tqBk - L5RQkWfDRDOml2zs8kKL90tXinZGNwwriMgVv91+PdxG5WABtO1lNXozjetJL3E= - =g+CW + hQIMAzmqVs6bjEjqARAAhH3syDNofNaCWJYtYgXJmql5BcEJS5T89e3x2RRQr8Wv + 8o1Ktu5KJO+iZC1XvYf+F8hVKhUcEscHWkauGc5qI6RINnoMue0w754GAF/Ga6yt + PEeZon/hPoPxAG6sYwaAVnQQ1+zA1QFSSexDPYoIAUH/cTHteONwg5+X9e/X783f + GRp/ZXHa8XH4XrA7o5FbNGQqRULsJTaMAjw9xYmWWZJygquZCdvLqISRVbiQv52a + T6j3euO5N7/L0ZjVmHN1cPpMKW+XE83iGEeEq+9ebA+cVeXOx9a+RHLd5YGbJqnB + mEqOgzaW17kiKnGs5Jgawa5BPFa0XdYr26Ltn0h0AaMECFHvCO35nqL+Ix1U5GQU + /ea+wPyiPmVZfdcXWZz0yKgRcnwLJjEm/OCEp5U3bqR5wu+O92tf9ajQmh2QD1RI + pEaj6tYkpw6JaMAxYns3PG3o9t+vsN7e+zW3xhX8PJxpk84Ai4jCQocigP4/pstV + mdip0ChyK5CylB2+D9Fsw7s5eR2ImDF6L5ExuqhrP7WnslB1C90DT8T2Pn0LZbR5 + muKWbW09W65ZLOpPWItrkN9nzmv80ac8NUBUXfPbGqGLVYnD8qqn/uE32K8USLye + 34saAyqOSYMlolJnDpOaawXTI2dZDp5ZaTT6rUu0R28LHNLkoVIP6Ik+SLM+XkDS + XgGarUoRkuNLapz3lioX4vbi1j6Rsk7qRmlAZUSIjsDKnALYo1Q1G+SdKkeRecGw + y7WBkmF9jhFpBIBPh/FmaRZ6ZckWkT7/JqPwrVuv8ngSpkVTwiJLmaTPdBTWPgA= + =3t24 -----END PGP MESSAGE----- fp: 9D7CACD7039E5AD616FD25879F935DB630A167E7 - - created_at: "2025-05-19T19:06:32Z" + - created_at: "2025-05-21T10:21:09Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DaBViTd9dOpwSAQdAy1tN8Dhm5qeKSncJcKXWa5kjDzGb19+H009K/y5zOwAw - 1kdUzI8XmjXJu32kpViXfR0bTQFfIDBtDyqaWuDPrt1OMdseS7Fxw6nflTdWkNJ1 - 0l4BIKKdWEBrSH7EhYMr1jRIkFNQ7RtL8e31JkVYM3HIhdI+VZ3lu1osMEyvTM/8 - 4FXt7383IpSv6Z+QkS1hIaC2GwB095CyWmWkVBsA1RHLUyveT8Z3PumO7959XZO5 - =XOBf + hF4DaBViTd9dOpwSAQdA2Gce8ibHNQbG3qrilVXG+T8tqfgJFKvRqE6NNbITeAMw + ieH1s+w3zG+ZAZJO+wQYeTAi0O3/epQta4SU22MpilHyPpvyYwFdBInbNiHP2jmL + 0l4BWTFQ504qSYlQDswAA4+MWKFZMdSInn3v9FLgSCUMyCdMHq7rzchraTb2yHxd + geUGyV0FxrFtAUo6MUc1V5SsnWTheNc1CmyLXDjd5wlKlYAY8nVY7S5V1pPDflKP + =/wyM -----END PGP MESSAGE----- fp: 321EFA52CF155E9FD646279E0FB0CA11985EB5F6 unencrypted_suffix: _unencrypted