
Setup erik.xnee.net
peterablehmann committed Aug 25, 2024
1 parent 932a37b commit 2e57c00
Showing 7 changed files with 159 additions and 21 deletions.
2 changes: 2 additions & 0 deletions .sops.yaml
@@ -3,6 +3,7 @@ keys:
- &system_mns age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr
- &system_ymir age183wgf8xp46chqk049ekyg7vsan2p50zh4lqfllcllzwuekeywdzqn7pz0q
- &system_heptifili age1zw4a4jzjdz8vw3u3uxu04lc4c400xsx2d3auvs9cefs9ukutmdkq7lre7a
- &system_erik age1t0jhu8e23xn6qmye9ghrt0m49l86a8u08wwe0cjulkvytj5gqgdqhh8wtm

creation_rules:
- path_regex: secrets/common.(yaml|json|env|ini)$
@@ -12,6 +13,7 @@ creation_rules:
- *system_mns
- *system_ymir
- *system_heptifili
- *system_erik

- path_regex: secrets/mns.(yaml|json|env|ini)$
key_groups:
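Review bot: Adding `*system_erik` to the age list of the `secrets/common` rule (second hunk) lets the new host decrypt everything in secrets/common.yaml, and nothing in these hunks records where the `&system_erik` recipient came from. A comment next to the anchor would make that auditable, for example `# erik: age recipient derived from the host's SSH ed25519 key; fingerprint checked on the machine`, assuming that is how the key was obtained. It is also worth confirming that every value in the common file is needed on this host, because a recipient cannot be meaningfully removed later without rotating the secrets it could already read. The `creation_rules` list continues outside the visible hunk, so a host-specific rule for erik may already exist there.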
11 changes: 10 additions & 1 deletion flake.nix
@@ -94,7 +94,16 @@
./installers/home
];
};

erik = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
system = "x86_64-linux";
extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
modules = [
./nodes/erik
self.nixosModules.common
nix-topology.nixosModules.default
];
};
heptifili = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
system = "x86_64-linux";
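Review bot: The new `erik` entry repeats the `specialArgs` and `system` lines that the `heptifili` entry directly below it also carries, so the per-host boilerplate is copied rather than shared. If the remaining attributes of the other hosts match as well (they are outside the hunk), a small helper defined next to these entries would reduce each host to one line such as `erik = mkNode ./nodes/erik;` and keep the module list from drifting between machines. The blank line that separated the previous entry from `heptifili` also appears to have been dropped; keeping one blank line between host definitions would keep the entries visually separate.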
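--- a/nodes/erik/default.nix
+++ b/nodes/erik/default.nix
@@ -0,0 +1,10 @@
+{ inputs
+, ...
+}:
+{
+imports = [
+./disko.nix
+./hardware-configuration.nix
+./networking.nix
+];
+}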
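Review bot: The function head binds `inputs` but the body never uses it; only the three relative imports are referenced. `{ ... }:` (or dropping the head and writing a plain attribute set) would say the same thing without suggesting that this host module depends on flake inputs. A one-line header comment such as `# Host module for erik: disk layout, hardware profile and network settings.` would also help, since this directory is the entry point named in flake.nix.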
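--- a/nodes/erik/disko.nix
+++ b/nodes/erik/disko.nix
@@ -0,0 +1,34 @@
+{
+disko.devices = {
+disk = {
+sda = {
+device = "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+label = "EFI";
+type = "EF00";
+size = "200M";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+label = "NIXOS";
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+};
+}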
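Review bot: The ESP `content` block mounts the vfat partition at `/boot` without any `mountOptions`, so it gets the default FAT permissions and everything on it, including a boot loader random-seed file if one is used, is readable by every local user; adding `mountOptions = [ "umask=0077" ];` under `mountpoint = "/boot";` restricts it to root. `device = "/dev/sda"` depends on kernel enumeration order, and because disko formats the disk it names, a stable `/dev/disk/by-id/<disk-id>` path (placeholder) is safer. The root partition is plain ext4 with no encryption layer, which deserves a conscious decision given that the same commit makes this host a recipient of the shared sops secrets.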
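--- a/nodes/erik/hardware-configuration.nix
+++ b/nodes/erik/hardware-configuration.nix
@@ -0,0 +1,20 @@
+{ config, lib, modulesPath, ... }:
+
+{
+imports =
+[
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot = {
+initrd = {
+availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "sd_mod" ];
+kernelModules = [ ];
+};
+kernelModules = [ "kvm-amd" ];
+extraModulePackages = [ ];
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}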
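--- a/nodes/erik/networking.nix
+++ b/nodes/erik/networking.nix
@@ -0,0 +1,54 @@
+{ lib
+, config
+, ...
+}:
+let
+inherit (config.lib.topology) mkConnectionRev;
+IPv4 = "192.168.10.11";
+IPv6 = "fde6:bbc7:8946:7387::100b";
+in
+{
+topology.self.interfaces.eth0 = {
+network = "Internet";
+physicalConnections = [ (mkConnectionRev "Fritz!Box" "*") ];
+};
+
+networking = {
+domains = {
+enable = true;
+subDomains = {
+"${config.networking.fqdn}" = { };
+};
+baseDomains."${config.networking.domain}" = {
+a.data = IPv4;
+aaaa.data = IPv6;
+};
+};
+useNetworkd = true;
+useDHCP = false;
+hostName = "erik";
+usePredictableInterfaceNames = lib.mkDefault false;
+domain = "xnee.net";
+nameservers = [
+"192.168.10.10"
+"fde6:bbc7:8946:7387:6b4:feff:feca:b60b"
+];
+timeServers = [ "fde6:bbc7:8946:7387:6b4:feff:feca:b60b" ];
+dhcpcd.enable = false;
+};
+systemd.network = {
+enable = true;
+networks = {
+"10-wan" = {
+networkConfig.DHCP = "ipv6";
+matchConfig.Name = "eth0";
+address = [
+"${IPv4}/23"
+"${IPv6}/64"
+];
+routes = [{ Gateway = "192.168.10.1"; }];
+linkConfig.RequiredForOnline = "routable";
+};
+};
+};
+}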
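Review bot: `a.data` and `aaaa.data` under `baseDomains` are set to an RFC 1918 address and a ULA, so the records generated for this host point at LAN-only addresses; if that zone is served to the public internet it exposes internal addressing, and resolvers with DNS-rebind protection may refuse the answers. Whether the zone is internal-only is not visible in this file, so a comment on the `let` bindings would settle it for the next reader, e.g. `# LAN-only addresses (RFC 1918 / ULA); records are for the internal view of xnee.net (confirm)`. `timeServers` lists a single host, so time synchronisation has no fallback if that machine is down, which matters for certificate validation and log correlation.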
49 changes: 29 additions & 20 deletions secrets/common.yaml
@@ -20,38 +20,47 @@ sops:
- recipient: age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTGFlUXRZNE5FUDc0NGRO
Z2JWL1RQdDViZ2VyTGNSbThFWTIwSHErMXlVCk5qY05hNTRsajE2ZVYxTTVsMzZC
MlJPZzNXa29CTjJ6N29CTVhXTDRPMG8KLS0tIHhyaHU2Vm8xUlJYaEhmTG1MWjdV
TnBoaldPaW9zY2xjK2NpdEZXTmlBaHMKPAdGnEQb3ZMeViJT7dDIpEvegQwiPkM1
qEhPMbd6M4X7RnsIliUhXEoaaLu1qEL4r6UL4JhccBNVuJOA9tWEiA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOWVWVVJQZTF0ZjQrb0hM
LzJsSkprNm95WUI4YVRVTDdzVlUrZC9iR25JCnN3VXBXTUNTUmhWcjhZaFB2SjFm
Y04xL2dCZkdOeXlXeGJQT0k1SWh3MXMKLS0tIGhiMTZsaEx0YjdpdmM4cDZHVWpJ
UGRpQWduaWdMMnlTZ1RpWmkvdXNweXMK8IrZz5aJeRfM525IfDsylLgI5upIiesQ
iNfatcR1otBpvWBMTUsGwLu9TPy4Ub76UL2L5Y9n5D2/IlUCylimZQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYmdjT3d3MzJpTVVsSGd5
bGZLbW14N1Q4REVzeWV6cHlIeFdQQXA3MlUwCm5xMS9qZUZjMVI1YndYZlIyQSs0
MjJxZFh4MjNHUm1PVzRsRDgwcDR0Sk0KLS0tIGY4YkpVbHZtZnhnZDJ6QkFqZUNU
MitpWCszN3IzK1BlZWR0amZKUm1vWjQKd7hy3OeHdVlCn6Cdsteijsuc1R5kobCX
tafDRKILeLJMtduDZT+vwEs/4hErK6sFRZVwgm2oIJa3HRnJY0X3OA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeDdDVUxYZkxrL3VzLzMx
ZHM2dUgrZzFlTm45U0E2T1U0Y0dFQlJnOUhVCjdwRWV3d2RJZHJLR1p1WTZYbUl3
dys4Q3RaeDNvV3ZFbnRDc2VYT2lOcFkKLS0tIDVQNEVMTTFKdVJrbkdRc0VRdVdP
ZmVQV0t5aWtRVXJjUHY4czJFTmkwd3MKBFOw4E1ir5s1omlOpxCehjxl2l5Tfqzp
u7XT0HoVEHTfW9Xw7kNOUlXbunFMlx3laXN1p2XS59sw2OYaPUANLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age183wgf8xp46chqk049ekyg7vsan2p50zh4lqfllcllzwuekeywdzqn7pz0q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMXFrNE1uOUZwU1ZCOFlG
MzJmbnJidUFCczNyeHZtemgrbE1rc3FrS0drCk93ekNkVVZTZW0rT1lhUzkvMFRs
MVo2WmtmeU9vLzVBdnFxWTIvY3hZSjQKLS0tIC9VMVNuOG4weVVaNFFVdDFnRHJr
REVweVJvQUVqWXNZVXpLSERSU3ZLTk0KKBQaO8PKLjUr7x81pbcINRQ8GZYVBLfj
f4DlkdiXQsCDYKFaHQh+WkbmGmSIvyRffkP7TM9lR5R/AFsXV3q7tQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVERTY0xyUXZSWlkzbEFZ
ZHZiZE5hUmUzM0ErWk1uTmp6cVZEUGM5b3lJCkJkd0VtRTNDbHh1TWdGK1ptWDlh
bFNMeG4xMlFsY2M5QkNsNFc1blpyRkkKLS0tIGp1UEgwVkpNdkRoa3RpTkFpTFRk
MUEyQ1NrQ2lyVjNtTDE2T0JQKzFRSlEKt++lJH9wvKBtyBm9ROD2nbTuJVfEXWZG
8mzs/L53g/Bsof57jpYHDhXtaWSLW7VhyS4fpwwbgOdVwfI7CXZNaA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zw4a4jzjdz8vw3u3uxu04lc4c400xsx2d3auvs9cefs9ukutmdkq7lre7a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbHBTa1JwZ040M3RscUF4
dXhqNmk5T2JKeHpPZEVDVjFLV1NTV3gwSXprCnh0TDhTK2NPa25lZ0l2V1dNei9I
aVFHVTV4ZVNqekliSXFvODg3ZGR1eTAKLS0tIHNRdW1Fd1pMeExoNEdWcWx3VHBJ
RFl1VjNjanBOcjYzRmVEaklYWGpLYUEKlQ84rv4qQWfFT7moZZNJIdo68CrIKmZ8
2kPwH+CyC15HjwT69ahz7jRfft4VdlqzgJx8v4XXMXrJ/F9sZmk/RA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSmM3RVhDcE5nekFIeHNy
U2NuZk5welQvZDNXUElFZ1JMOTRRZ2RtN0NnCkMraVh0WndQd2JJQSs3ZUlQMkZ3
QlF4VnVibzdPSWF0ZThSTFQyb1RuVUEKLS0tIGJrTXVadU1rU1Jnd01pV2pNakxo
ZnBGS2xjZGdLQUVyZmh3S3VTOHhKSFkK9SuVCuIk4mN2PnhPAQF7WoGXaDaogotH
Ioz8bWrYcprbeuPWmGHapP7lc2Y7UE+YyCo9AJxn/hWDB9T77eH/6Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t0jhu8e23xn6qmye9ghrt0m49l86a8u08wwe0cjulkvytj5gqgdqhh8wtm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4em5MWGlldW1wUjVnbTUv
VHFPQWU3cmpsdTNSendGV1RrSlVPUUc3TEVvCmovRjduMmxwMW9PSzVtSnkrd1Vw
YnBuVFd1ME1yQUgrVFJYL0ZTT0xITWMKLS0tIGM2YmRNK1dxanJ0bTZ5bGg4K1JQ
ZmIxTnR0dkNEdUIzTU85OTFSVjZwcVUKemWhrkeomzCkltyDti1KzBdXyfWaeRSJ
lZf7wYUOUhFhMUr/vV3RdtTStbbuCmZaikjQeKroxIkL+6bp5Fa8aA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-19T13:27:13Z"
mac: ENC[AES256_GCM,data:PFqAZtsPre9z878SJhNUBxKTFb+RrwaKOECIXpNImDHIGUnQBNhHjt4xqQlwpSKCBC1lqMFk6wxjeI5Pe/Xo5QLMy4b3j1uohUM0PUjr/04l6uv/pg8QBmj9MbGtK2a05ZteI+CirtXWd4J7eQOL7zPzm5mLfhFg7rxjWtKXxYg=,iv:DMcoARgBAiu3Zjojt042v/3+xJIfzzjIgUm9hZ42CNA=,tag:YNdYr4I6hHuhPHoOsu4hiA==,type:str]
