feat(servers): add bragi the poet.

flake.nix

@@ -114,6 +114,15 @@
           path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.baldur;
         };
       };
+
+      bragi = {
+        hostname = "bragi";
+        profiles.system = {
+          sshUser = "root";
+          user = "root";
+          path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bragi;
+        };
+      };
     };
 
     nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
@@ -161,6 +170,17 @@
         ];
       };
 
+      bragi = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = [
+          disko.nixosModules.disko
+          agenix.nixosModules.default
+          ./hosts/bragi/configuration.nix
+          ./modules/servers/general
+          ./modules/servers/bragi
+        ];
+      };
+
       nixos = nixpkgs.lib.nixosSystem {
         specialArgs = {inherit inputs;};
         modules = [

hosts/bragi/configuration.nix

@@ -0,0 +1,41 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk-config.nix
+  ];
+
+  networking.hostName = "bragi";
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.neovim
+    pkgs.gitMinimal
+  ];
+
+  networking.useNetworkd = true;
+  systemd.network.enable = true;
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
+    networkConfig.DHCP = "ipv4";
+    address = [
+      # replace this address with the one assigned to your instance
+      "2a01:4f9:c012:26aa::1/64"
+    ];
+    routes = [
+      {Gateway = "fe80::1";}
+    ];
+  };
+
+  system.stateVersion = "24.05";
+}

hosts/bragi/disk-config.nix

@@ -0,0 +1,54 @@
+{lib, ...}: {
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/servers/bragi/audiobookshelf.nix

@@ -0,0 +1,22 @@
+{...}: {
+  services.audiobookshelf = {
+    enable = true;
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.audiobookshelf.loadBalancer.servers = [
+      {
+        url = "http://localhost:8000";
+      }
+    ];
+
+    routers.audiobookshelf = {
+      rule = "Host(`abs.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "audiobookshelf";
+      entrypoints = "websecure";
+    };
+  };
+}

modules/servers/bragi/default.nix

@@ -0,0 +1,7 @@
+{...}: {
+  imports = [
+    ./audiobookshelf.nix
+    ./storage-box.nix
+    ./secrets.nix
+  ];
+}

modules/servers/bragi/secrets.nix

@@ -0,0 +1,9 @@
+{
+  age = {
+    secrets = {
+      rclone = {
+        file = ../../../secrets/rclone.age;
+      };
+    };
+  };
+}

modules/servers/bragi/storage-box.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = [pkgs.rclone];
+
+  fileSystems."/mnt" = {
+    device = "storage:";
+    fsType = "rclone";
+    options = [
+      "nodev"
+      "nofail"
+      "allow_other"
+      "args2env"
+      "config=${config.age.secrets.rclone.path}"
+    ];
+  };
+}

secrets/rclone.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 2P4nKw qCVX3JMWNQLJXRSVASI2wq4833CucZ8dkp7SHItiVBs
+np04RcZXq7QnSTG68F2tk7nfaB8yKATEO+qVEZQJ4/E
+-> ssh-ed25519 6+hQpQ rWsDHc5UWMkyjSkc+S/Y0G5c4sn2nm8uiwdHiFLxCVI
+oIU9myTYDBjYE7K7YEH3D9CJ4hNkxKJBqxtEkbSulpA
+-> ssh-ed25519 l/ODWA y/9+1Qy6hby0aCMikyadjl28Ft66G44pBQhJcmbvxnk
+sRFnG61r72tDGYz+WRnNFmnLpFQ9+ZfsZj+6nMAtEV8
+-> ssh-ed25519 7+5K3Q Yk4gRMySBLoMZx1PLolMXB5mr0vl8jhemD5gWDhX4nQ
+BCr8IzKrJAq4i++4tstMQdBax08naE6zXcBc5NG2PM4
+-> ssh-ed25519 fd/ZLQ DvoaL9OybtLLMfZ5PjrxZ65rrWoj1V+GVvqfBUOyJmE
+eiNmcBTdSm7ppdRzo8CGgc7aYF0zINhwlSCdJjtHb1o
+--- 1nEcpDp4PWeRi0LHEgeLKaq1OyLFPv5oi4viiTPpXXQ
+™@Õ‡ßòM,¶ãeAê³Eànüý*wí¨å?±Iu)w^G?›(ÖÜÕMßð€Ú’Ñš¬ê-šh†ÃAÆ‚fCOºÄþF¡Ý_ðì¡óù5„Ü8gØÌ›8’UYMý­¼eÍ0U±Csì+ž€D½™(	2ä¦ÿ«ÞÁžÍ<C5BE>ÖäxU!]u¨š‚@õ8׸œÜC"&çvà<76><EFBFBD>¸ñæ§
:A

secrets/secrets.nix

@@ -3,6 +3,7 @@ let
   heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8";
   loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
   baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR";
+  bragi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKMV2vqlDvIkUefl5oEuVjVtjgFLEXyDKX2LWhVQsWT";
 
   # USERS
   root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@@ -10,9 +11,10 @@ let
   users = [
     root
   ];
-  systems = [heimdall loki baldur];
+  systems = [heimdall loki baldur bragi];
 in {
   "traefik.age".publicKeys = systems ++ users;
   "wg-heimdall.age".publicKeys = systems ++ users;
   "wg-desktop.age".publicKeys = systems ++ users;
+  "rclone.age".publicKeys = systems ++ users;
 }