diff --git a/flake.nix b/flake.nix
index 6bd72d7..9c0cd67 100644
--- a/flake.nix
+++ b/flake.nix
@@ -123,6 +123,15 @@
 path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bragi;
 };
 };
+
+ thor = {
+ hostname = "thor";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.thor;
+ };
+ };
 };
 
 nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
@@ -181,6 +190,17 @@
 ];
 };
 
+ thor = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ ./hosts/thor/configuration.nix
+ ./modules/servers/general
+ ./modules/servers/thor
+ ];
+ };
+
 nixos = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs;};
 modules = [
diff --git a/hosts/thor/configuration.nix b/hosts/thor/configuration.nix
new file mode 100644
index 0000000..cda9fca
--- /dev/null
+++ b/hosts/thor/configuration.nix
@@ -0,0 +1,41 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+
+ networking.hostName = "thor";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ networking.useNetworkd = true;
+ systemd.network.enable = true;
+ systemd.network.networks."10-wan" = {
+ matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
+ networkConfig.DHCP = "ipv4";
+ address = [
+ # replace this address with the one assigned to your instance
+ "2a01:4f9:c013:ce0d::1/64"
+ ];
+ routes = [
+ {Gateway = "fe80::1";}
+ ];
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/thor/disk-config.nix b/hosts/thor/disk-config.nix
new file mode 100644
index 0000000..8f36ed4
--- /dev/null
+++ b/hosts/thor/disk-config.nix
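Review bot: `sshUser = "root";` in the new `thor` deploy node makes every deploy a direct root login over SSH, so root login has to stay enabled on a host that `hosts/thor/configuration.nix` in this same commit gives a global IPv6 address. deploy-rs allows an unprivileged `sshUser` while `user = "root";` still activates the profile through sudo, e.g. `sshUser = "deploy";` (constructed account name). If root is kept to match the existing nodes, whose settings lie outside this hunk, confirm that the SSH options (presumably set in `./modules/servers/general`, not shown here) include `services.openssh.settings.PermitRootLogin = "prohibit-password";` and `services.openssh.settings.PasswordAuthentication = false;`. The enclosing node set starts above the hunk.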
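Review bot: The two comments in the `systemd.network.networks."10-wan"` block of `hosts/thor/configuration.nix` are install-template instructions that no longer describe the file, since the address has already been filled in and the interface name already chosen. I would reword them to state what the values are, e.g. `# static IPv6 for thor; IPv4 is taken from DHCP` above the address and `# WAN interface name; a mismatch leaves the host unreachable after deploy` on the `matchConfig.Name` line. Nothing in this file sets `services.openssh` or `networking.firewall` options, so those are presumably left to `./modules/servers/general`; a one-line comment saying so would help a reader judge the exposure of this publicly addressed host.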
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/servers/thor/default.nix b/modules/servers/thor/default.nix
new file mode 100644
index 0000000..6462967
--- /dev/null
+++ b/modules/servers/thor/default.nix
@@ -0,0 +1 @@
+{...}: {}
diff --git a/secrets/navidrome.age b/secrets/navidrome.age
index 01d239e..723c0ae 100644
Binary files a/secrets/navidrome.age and b/secrets/navidrome.age differ
diff --git a/secrets/rclone.age b/secrets/rclone.age
index 8d3b4a7..62ae867 100644
--- a/secrets/rclone.age
+++ b/secrets/rclone.age
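Review bot: The `esp` partition in `hosts/thor/disk-config.nix` is mounted at `/boot` as vfat with no `mountOptions`, so the default vfat permissions apply and the kernels and initrds stored there are typically readable by every local user. Adding `mountOptions = ["umask=0077"];` next to `mountpoint = "/boot";` restricts the mount to root. Separately, the `root` logical volume is plain ext4 on LVM with no encryption layer in between; if that is a deliberate choice for a server that must reboot unattended, a short comment saying so would record the decision.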
@@ -1,13 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 2P4nKw qCVX3JMWNQLJXRSVASI2wq4833CucZ8dkp7SHItiVBs -np04RcZXq7QnSTG68F2tk7nfaB8yKATEO+qVEZQJ4/E --> ssh-ed25519 6+hQpQ rWsDHc5UWMkyjSkc+S/Y0G5c4sn2nm8uiwdHiFLxCVI -oIU9myTYDBjYE7K7YEH3D9CJ4hNkxKJBqxtEkbSulpA --> ssh-ed25519 l/ODWA y/9+1Qy6hby0aCMikyadjl28Ft66G44pBQhJcmbvxnk -sRFnG61r72tDGYz+WRnNFmnLpFQ9+ZfsZj+6nMAtEV8 --> ssh-ed25519 7+5K3Q Yk4gRMySBLoMZx1PLolMXB5mr0vl8jhemD5gWDhX4nQ -BCr8IzKrJAq4i++4tstMQdBax08naE6zXcBc5NG2PM4 --> ssh-ed25519 fd/ZLQ DvoaL9OybtLLMfZ5PjrxZ65rrWoj1V+GVvqfBUOyJmE -eiNmcBTdSm7ppdRzo8CGgc7aYF0zINhwlSCdJjtHb1o ---- 1nEcpDp4PWeRi0LHEgeLKaq1OyLFPv5oi4viiTPpXXQ -@ՇM,eAEn*w?Iu)w^G?(Mڒњ-hAƂfCOF_58g̛8UYMe0UCs+D( 2͐xU!]u@8C"& v :A \ No newline at end of file +-> ssh-ed25519 2P4nKw xvG3qjGJWZpTbNq0guN3Mn4MqSgwCpzFRAn+OG0TEyc +ngxenbGpR5AwMXFGOB64bGFdhSCKLJd8ZIgzm0dqbIo +-> ssh-ed25519 6+hQpQ VETaeP/m2gn8NzkmUarz+jkexePixAVkG6i0u+ZPQAM +fYp1Z9wUoc/ieSAFdVEYCrNO5DnZOJY0V06PwGZL24c +-> ssh-ed25519 l/ODWA PdPEB2bWErAlOMpOuzD0aJEl3KHuaWaZnuLU3G791FA +eZ9Ijf6SotwarAPDERkxCinb4mUwyanXV3FkIcIOQpU +-> ssh-ed25519 7+5K3Q TL7zp0FMvGYfREdryz9aP5EFBZgEg4ai63cLJnlFxEw +HXhYexDp3FQrZHOKSiSEhauzHzTDTKbYUZ72WcHt1IE +-> ssh-ed25519 Ow0TGw RjQw98YVsi7+rctOh9/8O+LhYbrP5EJCVuqTccAJ7HQ +jymtMzvlutJytzB8oybAXwZvlu0q2Y/iUt6Ujk8iSig +-> ssh-ed25519 fd/ZLQ T14OqJ/S+A66mJ6uUoxn46uDTjhBNs0cShI9cUCAKn4 +kAhVCdDE+ZYYaQRI4Wi8M1ZRub7TPPIQ0ey1UO2IhEY +--- 8a01nOAShMmHz6+ZTqJPCbGRMieGraVEpFLieSRbEcY +(sXjv%|=T }!;%c]'>֭XDω57[&#&!Tzw oPWFmW#c"P,4(%]0zqwgmE˳sX1Ȝi-`:*3qa7S \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d097065..c0752c7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -4,6 +4,7 @@ let
 loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
 baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR";
 bragi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKMV2vqlDvIkUefl5oEuVjVtjgFLEXyDKX2LWhVQsWT";
+ thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZGQLUhyLwmkTYhSccqO8umQJN0QHk6YaD863x7lcGv";
 
 # USERS
 root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@@ -11,7 +12,7 @@ let
 users = [
 root
 ];
- systems = [heimdall loki baldur bragi];
+ systems = [heimdall loki baldur bragi thor];
 in {
 "traefik.age".publicKeys = systems ++ users;
 "wg-heimdall.age".publicKeys = systems ++ users;
diff --git a/secrets/traefik.age b/secrets/traefik.age
index 836d85f..9b740bb 100644
--- a/secrets/traefik.age
+++ b/secrets/traefik.age
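Review bot: Adding `thor` to `systems` in the second hunk lets the new host decrypt every secret whose recipients are `systems ++ users`, which in the visible lines includes `traefik.age` and `wg-heimdall.age`, while `modules/servers/thor/default.nix` in this commit is still an empty module that consumes none of them. Listing recipients per secret keeps a compromise of one server from exposing the others' credentials; if, as its name suggests, the WireGuard secret is only needed on one host, that entry could read `"wg-heimdall.age".publicKeys = [heimdall] ++ users;`. The `in { … }` body continues past the hunk, so the remaining entries should be checked the same way. For the key added in the first hunk, confirm it against the host's own `/etc/ssh/ssh_host_ed25519_key.pub` rather than a value collected over the network.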
@@ -1,13 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 2P4nKw 3TKXwwnX2Ocpo2pVsCU82KypJ7wFNO9OJlurMdRgo3A -qfmmz4Hn/UI7Aj0pyJOCschk5phTeycLPs9rJr0RZyA --> ssh-ed25519 6+hQpQ FGRJpBdyvap0x6L9YXyZRFR59b5IgPzQZGUlmuxHQFg -sySpx8dzSKOVDSaj+YNPYdBZLBK4QvKOrIkYFVqY8TQ --> ssh-ed25519 l/ODWA zTs7AxW1tGA9qrTUYHd2ZRzZygJKXim4ufyW98iHj0I -HZn8hf/wrXEnoqu5yRrVY+DlzALiBjOhpEzY1P4/G/E --> ssh-ed25519 7+5K3Q o1lJBgbwoAgNnMYVdAZHmgyPtpg/OdyLaW3w5dsIE1A -tlDLwrvkdrXbSNgWa4DU8bUI4DwbtduOmMAasGppou8 --> ssh-ed25519 fd/ZLQ AXw77EFOBLHtjDPbNgR7/wW3o9heWqiwMxGwvy12i2g -f06IAJYuaeydMN6QNB8GLv5O8Qf/5NYjZNSt8CEn370 ---- BXQO69Tj8g+ooq7mzNA+soBDjtbb9eu58BpTf+FugyA - bd.y\"J5>H@Xͱ|%<\|[ZY*2vǕGD1 j[ ;=&T)6&l1bESgƿ{,m٫Vv{"OEHUIs1*mg9|J?r)蛙bۤgtP5#+[M} ؎b \ No newline at end of file +-> ssh-ed25519 2P4nKw lWJjHKYXGRRcNN2xrObreMJ+FTuUluF2KNBIpPT44Tc +d0fGThyRx/fDeW2hHqd+yugr+QzXUkphVgs7OQ3mG6E +-> ssh-ed25519 6+hQpQ 1+DKXrD3/RScn2pXu0Wm/3ql1v0kWdiZsan4UOvHnEE +cXEDwSEaGbBUA920OLBq6beeJEexOz5iQRMyRwLSYzg +-> ssh-ed25519 l/ODWA YAuYlX3Ch8UJCvNYh5DM90G0TTP/AkaDUFfyw4SeTiI +Y27RNP0ReuRofqld6l3Q/bpRadfLuRgzLyUmXYPjjRg +-> ssh-ed25519 7+5K3Q VMW97s3k3cCh/CEqNUMb8cbkkbT/YTnMJd9GqcTW4Dk +FtizTODpAGyE44ODkZZMjLJ+kX11dKyVeKoC8PKAkf4 +-> ssh-ed25519 Ow0TGw WnrtP1dCRn2xJ47KbeaVGNvb4CNsZ1BI43TMu3EOYRU +QYrBaza+uHBpQvEVgRBaz90VKtgp3+ULiCY9cQ/OT3w +-> ssh-ed25519 fd/ZLQ VOWE6H7Qe+aBiheT88uEN37JNP5aHesQSHFzCMQ0+38 +vOdQovVfMdqF2YptVwKYHWLkifF5s6bJPik1hFVIPkE +--- hLmH7wM59VfM49mr+srk1I6Qa7ghTOGy06Uo03u4bTc +ȇ=>3AčiNqחzZ1w vԗ? bKq4.ƺ[k-^icp ~ v1eҀM&dag&޹N#ro0x&\jQgdΙ~i4GIb-iKWOd Dk$?̓#^'o55w%,$" +f4X$:l \ No newline at end of file diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age index 16a7d0b..a415364 100644 Binary files a/secrets/wg-desktop.age and b/secrets/wg-desktop.age differ diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age index eb32fec..f9e195e 100644 Binary files a/secrets/wg-heimdall.age and b/secrets/wg-heimdall.age differ