tux/nixos-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nixos-config.git synced 2025-07-06 17:56:35 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

feat: add new host capella for game server hosting

Browse Source
This commit is contained in:
0xTux
2024-10-21 02:05:53 +05:30
parent 68de1ae948
commit 29520393c8
6 changed files with 156 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@ -8,6 +8,7 @@ keys:
- &alpha age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx - &alpha age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx
- &sirius age15d06qpn64p3w57l8yhdesdr5g69dtncwq8yrkx2uw0szql3p7fsq4awlka - &sirius age15d06qpn64p3w57l8yhdesdr5g69dtncwq8yrkx2uw0szql3p7fsq4awlka
- &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
- &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
creation_rules: creation_rules:
- path_regex: hosts/common/secrets.yaml$ - path_regex: hosts/common/secrets.yaml$
@ -19,6 +20,7 @@ creation_rules:
- *alpha - *alpha
- *sirius - *sirius
- *vega - *vega
- *capella
- path_regex: hosts/canopus/secrets.yaml$ - path_regex: hosts/canopus/secrets.yaml$
key_groups: key_groups:
- age: - age:

19
flake.nix
View File

@ -146,6 +146,25 @@
]; ];
}; };
capella = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs username;};
modules = [
./hosts/capella
home-manager.nixosModules.home-manager
{
home-manager.backupFileExtension = "backup";
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit inputs outputs username;};
home-manager.users.${username} = {
imports = [
./hosts/capella/home.nix
];
};
}
];
};
vps = nixpkgs.lib.nixosSystem { vps = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs username;}; specialArgs = {inherit inputs outputs username;};
modules = [ modules = [

32
hosts/capella/default.nix Normal file
View File

@ -0,0 +1,32 @@
{
modulesPath,
inputs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
inputs.disko.nixosModules.default
(import ./disko.nix {device = "/dev/sda";})
../common
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostName = "capella";
firewall.enable = false;
};
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
environment.persistence."/persist" = {
enable = false;
};
system.stateVersion = "24.11";
}

54
hosts/capella/disko.nix Normal file
View File

@ -0,0 +1,54 @@
{device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", ...}: {
disko.devices = {
disk.primary = {
inherit device;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

7
hosts/capella/home.nix Normal file
View File

@ -0,0 +1,7 @@
{...}: {
imports = [
../common/home.nix
];
home.stateVersion = "24.11";
}

75
hosts/common/secrets.yaml
View File

@ -1,4 +1,4 @@
tux-password: ENC[AES256_GCM,data:HhabXYKDqiNwNvOTzf3D+vBxm/y/XoTbuyh1U3HX3cxQdi5l8TdMpnO9x1MDQRLCYnCE8sBTBviybu9RGEu7RPXUatzTseMOIw==,iv:0T918MQMRUAhHfQJ20iPYcPBLCSWoGvpP1DesTb7Fek=,tag:oqnmIHTt99Gh3xNTDjCIFA==,type:str] tux-password: ENC[AES256_GCM,data:qGekvccmzu/AvaGc1iwbwV0Q3+2utMqEAtbnFG38F8xnr9g3ki16jQpLhyn5yAY7dpbtiahC7Y5q1iSRTQffZ+NSxy/g7PPpiw==,iv:Dn7kVJDJxEITTpM2YS8jlUQPybKBfhC4R7p+YUVdbOI=,tag:ccTHJ5L0abI4vuKgpOeIxQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -8,59 +8,68 @@ sops:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNVg0UkpXSFd5dkZ2V2ZK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQ3l4YWxqdEZBYXFvNWFC
NVJGd0V4UFhrUWlwdVNLMElnZjJwcXNjbWtZCndJcmxyYUlDK0pzUitTU0t6TlN3 V0plbXNHNE92akI2MVdmWWxhV0JCZlZzekhVCnVaeXJrLzJ6VnZpRThpckZaVmR2
bTF1MnhMMzFtQjlRYzNiNTd2eStKWVUKLS0tIHhlZWtuOFZOZWIvTWVTOXUrMzNr MThuOVY4QjJWYy8xSGhFRk0wcVVSZHcKLS0tIHFKdlpGWlJoZnlBcVVaRFFacGtX
ZVJHdnJzYjRyeWU0TlpzTXVQT0FvN3MK4d9K16awsINh5YDTzGa08t2BGFSDTng7 L2Z3SVhjRmgxanVjenBGRnc1bU5NOVUKpVqyM5LHZslYgsLY/DhCHlLvMmexC/Hs
t0QzH26cZvElDfsCpsC3JvV8cHKvNXPqsUqowQ5h/2TCybWz7CQDPQ== RmFZYmTrgfSl8QtL6T753gbNQ/v8WttnW3Yu5k2+xal1lNJUClv34Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj - recipient: age1udt3cssu7ahdrhsvckt8450rswrr6mknn36xpq74dkfp9lpajvnq84kdzj
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YUJON0VnVkFiZndGeHFS YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTS3RCWS9laDFIeTE4V2Mv
TVBVYnlqMHZVczdnWm5hekJOM1VnMWlaQW04ClJ6Y0tpczZGYks1WE5VZEJDOVdD dnR6cjVsci9vMjFqSFBwQlNnWlU3anBXZGpVCkhDbHdTbVZrek5DNUNSTVVJTEpG
Mi93SW9MVG1zVHFCcG5WTm9rNGJ1T2cKLS0tIEN5aHVLcFpjRjdQSVhrZExKanBu c2tKenBiSE5JV29HVXZMbE5BS1R4d1EKLS0tIFRGb3htU3NKS0c0MTRJUktZQ2lt
NzFQTmtrSG00VzZiaUgybnJlR3RoalkKrCK2IGvPbqOOb4yXfF8zObqqFUiVy+8/ MTF5dnZFSjFhdVBVamczb1NDTUtBY3MKMVW+o6/lVB512k32EKIQYgdj+3p8YGQm
O+PQh+5wLI/mm6Ywov+iye15gxvv9KvIY+SYH68oz8dq1NBjGlH5Ew== fqInjX0K9BcLUxpV86KxQtqrXzp+UzvjFZebJPDZDGgOr/qkhTZpyg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50 - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRUM5T1NtOUZKVlpBOUls YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbXhiY0RYM0dOeWdXOFBH
NEdmait3aHJCTlFzVVQ4ZnVnT21GOXhXZGtrCnFySVVRbVBjcGhnQ1o2aDBJLzBr NWoyMjhrdVkzdGFIV3lLWW5tbyt2Nmp0amc0CnF1cm51MWdIQlpIdys3VWtTU09N
b1EwVU9rVzIzUko1NkVoMlNLN0xUSTQKLS0tIHZVYWhOTzMwUXIrQWl2TVVSbS9x RmVOdHlxYWFIRzFWZmltYVR0QkpRNzgKLS0tIHJQbHJXTndjTkpQdXljT3lBdm5z
WFoxUlhZL1pUVStvd0dFRXJhS0IrTU0K7FXe8JmzpW0QNZREczz+027uakStniXg SDYyVi9Ncm8vZUQrWlQ2NTY3ZnQrdVUKe8nxkkQRyJcjtHgL01D6h1hjZFnWtf8b
rOFUP1Q4GFPPpwSkW3q6n1WOCJzrDgLhHv028thCB96HnwOnQMQLUw== 0WlaX09/DKAfZuFQ9vCRFMjjld5cGendHgnrpb5twGVi9X9PhUxpbw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx - recipient: age145uq9emlxqzm3wqauy9zqj78wqx9e6h09xag6wust7jjgn4upfzsaemcvx
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNlRMWFZRb3BFcDlyZlp6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDRnQnFSZ3pvaFYxNUxx
NGJIVVVzZXBPbDhkVlE3UERYUGc5RzYzcEJRCkdnejdIRHlyeFFwa2RtdUgvUmFC Zi9LK3FJYmNzYXVjUGZHcm9JakRXcjZtZUdFCkx2SmYxSHM1OU1BbGtzMjBQTU84
cmgrcmZnVy9QUlFvN1pnUUNTbng5ZHcKLS0tIGd5M1FyOXBXa0tDZmxQUFFKUHhN R1lYOFBHS0dUWTlPTVNFUFhySm8vSkkKLS0tIEQwdHJGWlBXUkVqZXAvbXZpemNt
aCtYY3NJV3o0NllxbktnaWxkbHhpM0EKvp9AeumYmrnq8K6HwdTurbhn8xjSx6Iw dFVldkNOajdyTFNmN0d1VFBrRkNnZWsKRd4HGshgNmF6rKsFkQXJCQWPkcC7Wfp6
YGwZN8+QLGWO2c0c5ZfkzBNIQeBCkEspchCojE7GuvgIg0fjDvtcGA== K38rEjfL/WealmXcjXtAPd23zl3t/xqmQlnkhJEW+gocYfnaCQnLjw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15d06qpn64p3w57l8yhdesdr5g69dtncwq8yrkx2uw0szql3p7fsq4awlka - recipient: age15d06qpn64p3w57l8yhdesdr5g69dtncwq8yrkx2uw0szql3p7fsq4awlka
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUU02L2FQLzVEK0FOSXhL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TUdnZlM0emFsak55TkVi
K25FUzNXeHNXQUlJM2phTXhjajRGS3BwZzFBCkk5ZWlZRVJRM2xEMHpkQytYQUNK Tm9oTnhXZE95bjI1ZFpMRDBtMk16TFVnV0ZJCmFGZEJzeDRpN05IalM1Q21VdzZu
RFdEOFNVSytPbUp4Nm5icFBGQXpPUEEKLS0tIDM4SXFHRkNDM2k2UWk4ZG01YWUv a0Evam0wRTd5cFZqaDNQSE9xZGtJUlkKLS0tIHdKck1sRWpMbjNXVUh2bkJFVUdz
Ny9CdmlSa3lhNzNwRmlhUUhicWZDMzAKcWtExqEK7wDnoX1dleU00SWpH5BISyP7 WEZqZ05WNnIzNFB0TFBCWVlyM2haNWcK3i/aA3nlgopWQCCpV7qVXtSNx/cdnIGH
2EgX+BwGLe6SObOF95b6v4lyVCsEQPPnc+euBRGXjxrE+DXrUtG+/Q== vloR2sa3bBA4ycvOpSiTsLpB50KEILkKIZoOZO9Gj7B2f7kjNIscqg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNzJ2aTZvZExWaTZNQVNJ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSXR1WHVIaXBleE5Vc1Ft
ZDdUTmRqYzlhbDU5Q1ZsWDBGRlBzc2hoQ2tnCjZrQ0dITlFHZVhrTmhCREo4ZXp5 MkFsemVjVGMrRWFHWFJ2QVhSNyt3eG8yT0c0CkM0c2VSM0dDZlhWRDdRUEN1WE5N
SGEyVmlBRW50UGdlTXhndkovckpVSlkKLS0tIGFxTzNjNUxuaGM2Skt1TWRJUE9W RFlESS9HU1lQYy9vR3oxWE94YmhtSDAKLS0tIHhEMlJoZnh0SHFQUFlkeVNoYVBV
RUorZ1IwVnBhRjNRR21uVU5VTDBsN3MKOPlgcJ/zv/GbEZYbzKFxpU65b9Uf7Udl STBCb0ViNlU4TS93bHFGTUdGSnhVcU0K9vRvTXkd+pcr/4uT/YCqa75fJ6BPWkr0
fRBpQBHzS3BWcO87l9lgN8eqCzUhuD+iu1jAOmpNjcEhiY6kUq3YzQ== dTMXSUbmU/bVC/0g4HwoJmsvi9k0jHnX+2M70rahPb6jDt/D28CiVQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-16T17:57:50Z" - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh
mac: ENC[AES256_GCM,data:n8XQiiwv/FcPmurf2MKuKVBMGW3nqmssVkfEHu+VrSmXDzH4AkrAW6Aph8fHKOvr4AFOtj7eEmh+7pHWlinvJkr/Hf9hPbXKlDazd2PVqVFRUShM6y6jSAYjFxvgxeaw0dkQNmNtI0mfogqt8kNQDtduDaiI6l0h2q3TVbLPGNA=,iv:R0HzfyxXYYdpB6hy0KX8mm8Ae+XeQBnNyrRxVX/4fkU=,tag:c+vYOQUDNVYhjAcuwa36Bg==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJV09PZkk4WkRTVEY1MG9H
S2JRUG82R2hGeTdvYTZlckVmS0ZVVzR0SjNjClIrVFc2WDNiRWh2UUhrUUwyNDRI
MlRsOGtEd2V5L283cnlVclliRG1jVkEKLS0tIDc3Wm40dHJGMDRYWlVFVzBrWnU4
UFhKVXBINlc4YlNDVFpmMU5xMkVEOXcKH3nNbWZFRs46BZnNudtLuldVwXvq9ooD
YygMMkFCmUFC9+MK8ruX/5HFq2FTtvNGbgd7UmFBjFKFKkXqCZBUug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-20T20:20:48Z"
mac: ENC[AES256_GCM,data:5Jm1nHVIWIMtCMfs4EITE/qFrqkxQZRVdvKUOVuc4sB3xqhFm3F1aTLPMmQ0ZdBTsy6/sboHknKUtClEBDzpvechpbQGdQptMJozgVhzvMeuJyEfyspVI4TYxnkID3BF8HmFPgHwTwRWgaW4BlnMSs9xvZuVuezfEYQjOMq79YI=,iv:C063yjoZe48Sq/orEcjMZYAO1eY9UbLh2ZoUh4150wo=,tag:Zx/ByCQf8lhfrKgRZT/+Dw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0