feat(node): add new host

tux
2025-10-27 22:39:46 +05:30
parent 315b6f4c8f
commit 0f50de8d9a
7 changed files with 202 additions and 44 deletions


@@ -9,6 +9,7 @@ keys:
- &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
- &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
- &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
- &node age1cltj5wl3evxq57d7rpdglptexejgefs39njtcvmsm4fuc8kn5p8sqpef4z
- &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
creation_rules:
@@ -22,6 +23,7 @@ creation_rules:
- *arcturus
- *alpha
- *vega
- *node
- *capella
- path_regex: hosts/sirius/secrets.yaml$
key_groups:
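Review bot: The `*node` alias is appended to a key group that already lists arcturus, alpha, vega and capella, so the new host's age key can decrypt every file that rule matches; the rule's `path_regex` sits above the hunk, so which files those are cannot be read from here. The secrets file re-encrypted later in this commit holds `tux-password` and gains a stanza for the same recipient, so each host added to this group widens the set of machines whose compromise exposes that value. If the new host later needs secrets of its own, a dedicated rule in the style of the `hosts/sirius/secrets.yaml$` entry below, listing only the admin keys and `*node`, would keep them out of the shared group.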


@@ -66,6 +66,7 @@
alpha = nixosSystem (mkNixOSConfig "alpha");
sirius = nixosSystem (mkNixOSConfig "sirius");
vega = nixosSystem (mkNixOSConfig "vega");
node = nixosSystem (mkNixOSConfig "node");
vps = nixosSystem (mkNixOSConfig "vps");
isoImage = nixosSystem (mkNixOSConfig "isoImage");
homelab = nixosSystem (mkNixOSConfig "homelab");
@@ -85,6 +86,7 @@
alpha = mkNixOSNode "alpha";
sirius = mkNixOSNode "sirius";
vega = mkNixOSNode "vega";
node = mkNixOSNode "node";
homelab = mkNixOSNode "homelab";
capella = mkDroidNode "capella";
rigel = mkDroidNode "rigel";


@@ -1,79 +1,88 @@
tux-password: ENC[AES256_GCM,data:68ZXKJMBBLV1mkNP9LFf+xC5arsARqKPFQAtmfag3ftip1suuZ1FmQICqsuCqXgGuwcSfH4ACkuiQ769u4aI7+jPxs0A62hFig==,iv:Yx9EfqChjBtgxxkWmayfKWoE498w4wUYoS353cMUMsI=,tag:Zr3KuIiXsi2VahRZ7Ncpig==,type:str]
tux-password: ENC[AES256_GCM,data:L7f+qd79ahu5IFEND4vAuJYyeZGWi6tAwjCA3yeDprskPlN3sVv4L9Cgr9fLBsebrIkooEETTMWaTpCej0C3ke0RG6EtqUhzvg==,iv:fhovTgvUBgWr+Nj2eNVDs0gVla76+qwQBJzrBRE8paw=,tag:3QGPvJddrFN2RIrVKAkLmg==,type:str]
sops:
age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWblJrWjErZC81d1IzTHV6
ZUkwTEhRdVdTTlJQb1pocnpnSkdZSWNTelVFCkJLR3VwT2dwM3IydCtkZ24yLzVF
ei9xMG51djNldnZkSnVqeEtsVFNSMkEKLS0tIGNEdi9OV0ZjVW93SUUyVURpT2tR
U3ZybTNac1JvVW9zTy9ocE5FUkpQTjAK2lAp5MC3B779uSWaOOxbnfdAa9xYDCL2
TloXlxfuYKe0j9Z2TIlYOa6z+/m8upOpE42Ux0qjZprE1LBq3g5uMA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyOG0wQWgzK0Y5L1FjUEpU
SGp6U1lybEFxTTVLemRqL0JjbGpvc1doVENZCjl5TGJYSENHQURmRnZzb05xMUhZ
QjU0QUE1WGQ0RW11YTRVazBlLzV5TkUKLS0tIFBDQTdyaU9tdjFpakRlK1JBSWdZ
K3NZak1iY0o1V3NvTWE5c2VKaGZiTG8K1B2VOTKmMO2p4eEnXhNhUtz5RthSwMNB
W/z5bPzrR+NB1QDvILmxE+aVNqmaW0t5WsCh62ygvDQHDj8wczZtGA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZGdNSG5ER0JxbWhNanJU
WGlCZlIyT3JLWnFkSnBaakkyMXZBU0o0cjFVCml5VDB2d2dJTGkvVDh5M1NweXl1
ajl3R2RUWmtwWU5RUlpsVFIvM3R0cUUKLS0tIFNkbmtrRGdrcUFibDlldncrbjg2
TWJ1UFh5RnI2VDRocnZ0VVNmd2JRSVEKmqNV4dADO9ZxTjlDgMC5fNdioJrO6vrN
vTg3lTrwOTZ/TCg9PS2T5QEX9fZh2UthCEisPO7p1Q81Gyk7ySg2ow==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc0l6YndBd3kxTmFkRXpC
bmRta0RtOVhPRjdCd0lGSzVDS2Yza0IxZW1nCk1KcVNzYUxiTC9xd3BBRUg1WldI
SUtEdWNkK1ZBVzlwWWRjZHRVeDArRTAKLS0tIFBlWitJQzZPbWc5Si9obkhHTzI2
RG9mOFFBSGJwZmoxcWQvQnlXQnprNFEK3/Ndje4n5v045bO7nU0Sf6xk6RZCjvZu
75kpDXhmvwwMfJYYyuemLKoK8Erxjr1vXJ0xmwErNHsdEEcDFbZhaw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWRuaHIvT3BSZ2M0OUla
YWhSa2Q5SDJNbkRLQUZxaVFISmJENTIxc0hrCjlKTVBCK2g2WWNNNlNJQ25sMjVY
TURsSkNsbTQwRGlyU3NySis5azNvTVUKLS0tIGZHUEh3NHMyVXN5T0pXOWpOT1JP
UmZSM1J0elprbVBUZzU5QjVLRnVxNWsKFVdUQcKiHaSDR2+GqafXvoRQ0yyiKMcy
/UP/yCMoNUYIpiv4ocRhtDj4QrrO6NdJJTUifMkB9I1B6R7B7NG/gw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsZCtXcGdtVVFDZkNwQnFu
dk5YbG1yQnFNY3NjNXFrZU5GU3dmQ1FWTmprCnAzc1lhUEFPb1Y1bmQza1lybkhV
YzU5Q1JUUXdQYXB4STZVZ0xCUC96ZUUKLS0tIHByZndVaUVyaU1kcXl3QjFlWS9M
Sk54K1VrSnFrZjBuNFkxUndlQWwrUDQKy/kdRKVVtFyROJU6jElBruzrWWuH6o0q
gbelOOKYLOoj5dvPfIuBoBNXe7xKs9w76PY4Fm7M1U1SXs/XRnigTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeEpwakIyMkRYN1c0bUNy
eDFpUGlkTW02NWE1VlYxYnNsQTJ1NHIyWVY4ClI3VHlSWW1IK3I3SHY5YXN5S09q
OU5aSXVXU0FVU1VrNGlCTzFKWm95ZkkKLS0tIGV0Sy9LYlBuTm4xa2Zkc3JoaWo0
ZXllYnMwaXBXTW5vVVhoNXVFcEwvdlEKbuiT2/Isi3nsx/r3whpX6RiLEtsLMm6f
2A3bKpz1+MUupE6umEIBCXc+k58W6VhBkdrMxGtxZt1ZeA8ftz4bVA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NktQRmw1Qlh2U2FhSGta
WEczbENZWnBzWldNRVA0UWppYW5sYytacXprClJqVUFaTCtCWFFmN25BUWwrSlZx
S1ZQK2ErNEhDYjRycVZob083ZERSaWcKLS0tIFBNTTByWEVMTzZCLys5d3VCRnph
VVBqUHN5dWlnNDlUYWhLcndKcFVhMVUKaxhoANxILZ+lBGwyf1s7uJKqHeHEtDK1
SS7yqtB7bn93EjjlkKsmRk1GSyh91KxxUuFphWagbned8FnrwTUdRA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFUwbXoyUnZGMElMdldX
UkJseC9XWEU3Vks2eGdYbHFjUjZMUVVGbkY0ClNIWFMvWEl1eDRncEt1dy9iVS81
ZE1rN25lR0w0Wno2OHZDZTRhSTVXVDgKLS0tIG9jNmFkdGxoRmRCT1RJQjVlOUJa
R0kxbllzMXZML1J6MitXSGhSTkF0MEkK8g7s87t956UTDtQO+IUEXe2B6WNM+KfH
aRobwCjvXcv5I8G+gkNll23MYlLMBRZ1qkeq24R0xA7cMYXj5APUsA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMnhhL1h4UGg4NVNTTGFq
N0FkZDMyZnMvc3hPeFZScmsvNWg5ZGc2aVFNCkVlbkFZQWFjVE5KcVJMNjVqTWFr
YXFOblRyTlVNYTZZVzRPN0N4enA0aXMKLS0tIFBFU1duNExtenVYNU4xYitYbS9t
VUFPYzlWa000NkdiMG5aVUhXMDZLaUEKHVpkfUiRCgtffRfVeCYyUSd8GG4unYNA
Nk8ctjKYhzzMW4VNM3QVm4txOxEILIaJtDoqF2klpMIIaYhucNLppA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bTBEck44R2ZxS0M3Ris1
VllxeEgyTjRWcHp3RUdpMytFQ0podkxXT1JrCi9VU2U2SHFrd1dPb3RESkQ4OGhi
RjZVVTZWQUVXSUxqaG5KVkJxQ0RCQncKLS0tIDJiVGpIU0NjelVCZkloOGhxQTdV
eHlaVm9iUFk2YThXZnU5SVpHUVVHbkEKcmUvbINRqmkkvXyyskNJ4eYD7VdQnxqg
7VuWV7zUK5ZVPv9kJiUl3OB3vNU8U15sNIdAjCp8//RtNkRyDJMgEQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWR1F3ejVWdUgxNFhKQlkv
dlVSdk9qZFpMNDV1R0hGdG5vOGpsUTl5TTBzCmVLWWIrOXJ2b3QrS3puUU5oeW9s
YWNhTE5nUFg1WTNoVUVxTW5QT0FjMHcKLS0tIFMxdEh6dVRyZkZPazQ0TGZBUFJM
QmFEMTlFZTFya21tSkJOeGhLVlBpRG8KHoGPNjwXdTIOUwuMnVAo4i7koWTE083b
svpVUzC4KHfyrAJL8dR0RRPKejBKSgQny8P+CNkjLfyp+19GyPkIvQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVjU1Vy9tMkp5MS96Si9v
bnB4OHpzdktPeStYZHFZTXVmSWphMkxFQkRZCjEvTEpZY1I4TWNlM0c4Wi9nUVhx
dktvOXdXQ0M1YzhVU3BlOUZ4Tjkrd28KLS0tIC9NT0NKZTd0VUVUQTB6UHhDSVVw
eFM1Q1JOVXZoSXltRVZpaTNTUWhNa3MKFoY5bWWQS9qh0j8sgIgRA4jT6sl0xRkC
Tu0WUz344TzkJFuy7MgOpviQMqAijmbyYjaRSdS3CLGHvTKY8GcpOA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPV0JmTlR6dFpBZHR6SFk0
aXRVNk9qOERWQUtnNGhlUjJHTmkwQSt2RXlBCnFvYVVQTG8vSHFIRXFxZm94QmU0
aEF6V1hadlFQNHBGK1dkK08wMU1yY0EKLS0tIGNkbVdvUGxjRHh3NjBMNjFmeE5k
cUsrZjRRcW1tRXJDcVdUVG1ZQnM2Z2cKy4ikF/Cmi4bfv9LHQ8jWY4QT/M1lGdVd
5x0hx8q0nB24yBUUxqTm601CbSm1bBiha/t0wVZU/MU1b4p4SFJhxA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cltj5wl3evxq57d7rpdglptexejgefs39njtcvmsm4fuc8kn5p8sqpef4z
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCVXNvWitpb1pESStMazUv
aTBhUG8xbjNrYVZFVm1Nei80Y3NCUXdJUGkwCm9yK3UyTHFrV2grMW93ZHVrZlMy
V29mZnYrT2F1QnlJUUdDVU5FdVd4RkkKLS0tIFVSZmIwRHJTV0FFTE9aRU5pVDkx
T1NIZG8zdC8vVFRKZHp3TWFvb2hoTzQK5bTrc1bb2t9xXIDZw5YrWT9Lv0EWtJCE
xN52eUVI2/XXuExI7XcI5JfDNGynagzkj++QYwoH9TNQHqlRMBYOwA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYlpXRGNpQVZTQ3hZK2lr
L2xodmhycTlRczN1c2Zib3RoeGlxQTAwTVRRCkJ1aWc3bzAyNnlMbUhuK2YwTXBq
Q1VhUUtWWXU0RXY2NG5jMG90dis4bEUKLS0tIHlkRkdCV0ZvU2pLZDRlN2h6c0JO
TTNtbGY1UWV5K3VQWjk5WlgyNUd1UVkK+XeX8vK4K2DJaWtFE91YGg/58M09rwuj
VVcMIPPPO1+KD16HTe1b8bVPeNfpIj9p3ybew3ILducyrYiRrxzGwg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBS3F2UnlDMkpJdEdDZEs4
eldVU1BNUXVNdjR3cHhNc0libnBZQXNmVUZ3CkFOOUpmVXgzcllDTWFEaEZTTm5W
OW1lRFJSWFFtU205d1habWp1VExIWEkKLS0tIHhXOGJQZWlvUUVLUnBuQTdQMXB0
aW5FRkNWR2QySXVXZ0I2Ky9rNHUxNzgK2S5OgrP0o4hko5VPyCv9Mzb48BSkL+9A
H872Z+Nu6kephicg4gewqtJvLvE4wrUyXXzza1O7Q9VHuE1BQqw72A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-10T10:14:47Z"
mac: ENC[AES256_GCM,data:fmBWLOOCvJLfKSNG14zd9cBEa9+M4dJ7UtR+SZfGEcoGtBPmX1c6ZR8OgB+I45WkpT+Ho8kwQMcnD0n6IWzg946OEzIZjNuCds/wM1cCd3LjjlqwKnN1QGL5DNSIyi5CFzrjvvFtZCsw2acNjxtK86JujhpOivdVKC/kGkJzF0M=,iv:g0jXzrtU53YpW/NIb8ulmOGSJIXMA1Wady6DlOMA9aU=,tag:zf7WmNNYcFO9Rtynm5vaUg==,type:str]
lastmodified: "2025-10-27T17:05:12Z"
mac: ENC[AES256_GCM,data:gyvhzdjSc8Wjv+IroaiMXMzNCSrFjpK07i7w0hs6bSKzvNtpIbwf7+tgFISe5dXrEq9HD+Z1JC6xwo45V+XAyguXUXa37YoCM5aG41f/LMCsoGQYsEPuq6djeraKXEfElQbGnjZOjHxy/nNlgiyuqze9+AScG+JsKr/DOd2+ACw=,iv:yGHLJw39HRujbcRB/2dDWaec/6GmSAUVnKUvjlCiGY0=,tag:/M9iuG8aegOK5Spa2uM30Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

48
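--- a/hosts/node/default.nix
+++ b/hosts/node/default.nix
@@ -0,0 +1,48 @@
+{
+inputs,
+username,
+lib,
+...
+}: {
+imports = [
+inputs.disko.nixosModules.default
+(import ./disko.nix {
+device = "/dev/nvme0n1";
+device2 = "/dev/nvme1n1";
+})
+./hardware.nix
+../common
+];
+tux.services.openssh.enable = true;
+boot.loader.grub.enable = true;
+networking = {
+hostName = "node";
+networkmanager = {
+enable = true;
+wifi.powersave = false;
+};
+firewall = {
+enable = true;
+allowedTCPPorts = [22];
+};
+};
+security.rtkit.enable = true;
+environment.persistence."/persist" = {
+enable = false;
+};
+home-manager.users.${username} = {
+imports = [
+./home.nix
+];
+};
+system.stateVersion = "25.05";
+}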
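Review bot: `tux.services.openssh.enable = true` together with `allowedTCPPorts = [22]` makes SSH reachable on every interface NetworkManager brings up, and nothing in this file shows how the daemon authenticates users. The `tux.services.openssh` module lives outside this commit, so confirm it turns off password and root logins; if it does not, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` here. Two smaller points: the `lib` argument is never used in this file, and the page lists it as an executable file while the other new `.nix` files are normal files, which looks unintended.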

69
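--- a/hosts/node/disko.nix
+++ b/hosts/node/disko.nix
@@ -0,0 +1,69 @@
+{
+device ? throw "Set this to the disk device, e.g. /dev/nvme0n1",
+device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1",
+...
+}: {
+disko.devices = {
+disk = {
+disk1 = {
+type = "disk";
+device = "${device}";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+size = "1M";
+type = "EF02"; # for grub MBR
+};
+mdadm = {
+size = "100%";
+content = {
+type = "mdraid";
+name = "raid0";
+};
+};
+};
+};
+};
+disk2 = {
+type = "disk";
+device = "${device2}";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+size = "1M";
+type = "EF02"; # for grub MBR
+};
+mdadm = {
+size = "100%";
+content = {
+type = "mdraid";
+name = "raid0";
+};
+};
+};
+};
+};
+};
+mdadm = {
+raid0 = {
+type = "mdadm";
+level = 0;
+content = {
+type = "gpt";
+partitions = {
+primary = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+};
+}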
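Review bot: `level = 0` stripes the root filesystem across both NVMe devices with no redundancy, and the `primary` partition is plain ext4 with no `luks` layer, so one failed disk loses the whole system and anything stored on the host (presumably including the private key it uses to decrypt its sops secrets) is readable from a pulled drive. If capacity is not the deciding factor, `level = 1;` keeps the host bootable after a single disk failure; for data at rest, wrap the filesystem in a disko `luks` content node. `disk1` and `disk2` are identical apart from `device`, so a small `let` helper taking the device path would remove the duplicated block.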

25
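--- a/hosts/node/hardware.nix
+++ b/hosts/node/hardware.nix
@@ -0,0 +1,25 @@
+# Do not modify this file! It was generated by nixos-generate-config
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}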

3
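--- a/hosts/node/home.nix
+++ b/hosts/node/home.nix
@@ -0,0 +1,3 @@
+{...}: {
+home.stateVersion = "25.05";
+}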