crony/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(servers): add thor.

Browse source
This commit is contained in:
CronyAkatsuki 2025-05-10 06:34:13 +02:00
parent 5e714db69f
commit 5b3cb422e0
10 changed files with 147 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

20
flake.nix
View file

@ -123,6 +123,15 @@
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bragi; path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bragi;
}; };
}; };
thor = {
hostname = "thor";
profiles.system = {
sshUser = "root";
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.thor;
};
};
}; };
nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration { nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
@ -181,6 +190,17 @@
]; ];
}; };
thor = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
disko.nixosModules.disko
agenix.nixosModules.default
./hosts/thor/configuration.nix
./modules/servers/general
./modules/servers/thor
];
};
nixos = nixpkgs.lib.nixosSystem { nixos = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
modules = [ modules = [

41
hosts/thor/configuration.nix Normal file
View file

@ -0,0 +1,41 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
networking.hostName = "thor";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.neovim
pkgs.gitMinimal
];
networking.useNetworkd = true;
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
networkConfig.DHCP = "ipv4";
address = [
# replace this address with the one assigned to your instance
"2a01:4f9:c013:ce0d::1/64"
];
routes = [
{Gateway = "fe80::1";}
];
};
system.stateVersion = "24.05";
}

54
hosts/thor/disk-config.nix Normal file
View file

@ -0,0 +1,54 @@
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

1
modules/servers/thor/default.nix Normal file
View file

@ -0,0 +1 @@
{...}: {}

BIN
secrets/navidrome.age
View file

Binary file not shown.

26
secrets/rclone.age
View file

@ -1,13 +1,15 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 2P4nKw qCVX3JMWNQLJXRSVASI2wq4833CucZ8dkp7SHItiVBs -> ssh-ed25519 2P4nKw xvG3qjGJWZpTbNq0guN3Mn4MqSgwCpzFRAn+OG0TEyc
np04RcZXq7QnSTG68F2tk7nfaB8yKATEO+qVEZQJ4/E ngxenbGpR5AwMXFGOB64bGFdhSCKLJd8ZIgzm0dqbIo
-> ssh-ed25519 6+hQpQ rWsDHc5UWMkyjSkc+S/Y0G5c4sn2nm8uiwdHiFLxCVI -> ssh-ed25519 6+hQpQ VETaeP/m2gn8NzkmUarz+jkexePixAVkG6i0u+ZPQAM
oIU9myTYDBjYE7K7YEH3D9CJ4hNkxKJBqxtEkbSulpA fYp1Z9wUoc/ieSAFdVEYCrNO5DnZOJY0V06PwGZL24c
-> ssh-ed25519 l/ODWA y/9+1Qy6hby0aCMikyadjl28Ft66G44pBQhJcmbvxnk -> ssh-ed25519 l/ODWA PdPEB2bWErAlOMpOuzD0aJEl3KHuaWaZnuLU3G791FA
sRFnG61r72tDGYz+WRnNFmnLpFQ9+ZfsZj+6nMAtEV8 eZ9Ijf6SotwarAPDERkxCinb4mUwyanXV3FkIcIOQpU
-> ssh-ed25519 7+5K3Q Yk4gRMySBLoMZx1PLolMXB5mr0vl8jhemD5gWDhX4nQ -> ssh-ed25519 7+5K3Q TL7zp0FMvGYfREdryz9aP5EFBZgEg4ai63cLJnlFxEw
BCr8IzKrJAq4i++4tstMQdBax08naE6zXcBc5NG2PM4 HXhYexDp3FQrZHOKSiSEhauzHzTDTKbYUZ72WcHt1IE
-> ssh-ed25519 fd/ZLQ DvoaL9OybtLLMfZ5PjrxZ65rrWoj1V+GVvqfBUOyJmE -> ssh-ed25519 Ow0TGw RjQw98YVsi7+rctOh9/8O+LhYbrP5EJCVuqTccAJ7HQ
eiNmcBTdSm7ppdRzo8CGgc7aYF0zINhwlSCdJjtHb1o jymtMzvlutJytzB8oybAXwZvlu0q2Y/iUt6Ujk8iSig
--- 1nEcpDp4PWeRi0LHEgeLKaq1OyLFPv5oi4viiTPpXXQ -> ssh-ed25519 fd/ZLQ T14OqJ/S+A66mJ6uUoxn46uDTjhBNs0cShI9cUCAKn4
™@Õ‡ßòM,¶ãeAê³Eànüý*wí¨å?±Iu)w^G?(ÖÜÕMßð€Ú’Ñš¬ê-šh†ÃAÆfCOºÄþF¡Ý_ðì¡óù5„Ü8gØÌ8UYMý­¼eÍ0U±Csì+ž€D½™( 2ä¦ÿ«ÞÁžÍ<C5BE>ÖäxU!]u¨š@õ8׸œÜC"& çvà<76><EFBFBD>¸ñæ§ :A kAhVCdDE+ZYYaQRI4Wi8M1ZRub7TPPIQ0ey1UO2IhEY
--- 8a01nOAShMmHz6+ZTqJPCbGRMieGraVEpFLieSRbEcY
“(sí¦«þßXjá¸ûùÙÕÀv%|Öÿ=TÒ <0B>}!ëëõ;%Àc]'ôîÞ>¤Ö­XÿDí¿Ï‰5¯<35>7[&¿¤Ý#û&ý!TzwÇéç³ <0A>oŽP‡WF†”žmW#c"P•ýÜ,ìþ£4àˆ(%]Þ0¾<30>zqwñgmEÆÍã¸ðšË³sóƒóX«1ØÈœøi-`Ý:¡Œ›*¥§3qa7í²S

3
secrets/secrets.nix
View file

@ -4,6 +4,7 @@ let
loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV"; loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR"; baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR";
bragi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKMV2vqlDvIkUefl5oEuVjVtjgFLEXyDKX2LWhVQsWT"; bragi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKMV2vqlDvIkUefl5oEuVjVtjgFLEXyDKX2LWhVQsWT";
thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZGQLUhyLwmkTYhSccqO8umQJN0QHk6YaD863x7lcGv";
# USERS # USERS
root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"; root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@ -11,7 +12,7 @@ let
users = [ users = [
root root
]; ];
systems = [heimdall loki baldur bragi]; systems = [heimdall loki baldur bragi thor];
in { in {
"traefik.age".publicKeys = systems ++ users; "traefik.age".publicKeys = systems ++ users;
"wg-heimdall.age".publicKeys = systems ++ users; "wg-heimdall.age".publicKeys = systems ++ users;

27
secrets/traefik.age
View file

@ -1,13 +1,16 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 2P4nKw 3TKXwwnX2Ocpo2pVsCU82KypJ7wFNO9OJlurMdRgo3A -> ssh-ed25519 2P4nKw lWJjHKYXGRRcNN2xrObreMJ+FTuUluF2KNBIpPT44Tc
qfmmz4Hn/UI7Aj0pyJOCschk5phTeycLPs9rJr0RZyA d0fGThyRx/fDeW2hHqd+yugr+QzXUkphVgs7OQ3mG6E
-> ssh-ed25519 6+hQpQ FGRJpBdyvap0x6L9YXyZRFR59b5IgPzQZGUlmuxHQFg -> ssh-ed25519 6+hQpQ 1+DKXrD3/RScn2pXu0Wm/3ql1v0kWdiZsan4UOvHnEE
sySpx8dzSKOVDSaj+YNPYdBZLBK4QvKOrIkYFVqY8TQ cXEDwSEaGbBUA920OLBq6beeJEexOz5iQRMyRwLSYzg
-> ssh-ed25519 l/ODWA zTs7AxW1tGA9qrTUYHd2ZRzZygJKXim4ufyW98iHj0I -> ssh-ed25519 l/ODWA YAuYlX3Ch8UJCvNYh5DM90G0TTP/AkaDUFfyw4SeTiI
HZn8hf/wrXEnoqu5yRrVY+DlzALiBjOhpEzY1P4/G/E Y27RNP0ReuRofqld6l3Q/bpRadfLuRgzLyUmXYPjjRg
-> ssh-ed25519 7+5K3Q o1lJBgbwoAgNnMYVdAZHmgyPtpg/OdyLaW3w5dsIE1A -> ssh-ed25519 7+5K3Q VMW97s3k3cCh/CEqNUMb8cbkkbT/YTnMJd9GqcTW4Dk
tlDLwrvkdrXbSNgWa4DU8bUI4DwbtduOmMAasGppou8 FtizTODpAGyE44ODkZZMjLJ+kX11dKyVeKoC8PKAkf4
-> ssh-ed25519 fd/ZLQ AXw77EFOBLHtjDPbNgR7/wW3o9heWqiwMxGwvy12i2g -> ssh-ed25519 Ow0TGw WnrtP1dCRn2xJ47KbeaVGNvb4CNsZ1BI43TMu3EOYRU
f06IAJYuaeydMN6QNB8GLv5O8Qf/5NYjZNSt8CEn370 QYrBaza+uHBpQvEVgRBaz90VKtgp3+ULiCY9cQ/OT3w
--- BXQO69Tj8g+ooq7mzNA+soBDjtbb9eu58BpTf+FugyA -> ssh-ed25519 fd/ZLQ VOWE6H7Qe+aBiheT88uEN37JNP5aHesQSHFzCMQ0+38
ãÕò‰bód.§Õêyô\"òJäÜ­5>H@X£Èͱ|å%<\|[ßZŽíY*2vÇ•GïD1² j<><>þ ;Õ=&õT)Û6Ô&ãl†1™b‡²ßEžSÓgÆ¿™{Á<>,mÛ÷ÑÛÙ«‹½Vv{"OªE<C2AA>H¥„âçâUI<08>Ãá™æsŸ½1*´mÍg9á|òJ®?ór)ì<>è™ú¦bËÛ¤—ìgtñP5ÎÑ#+Ñ[¾M}»…“ ü¡ÀØŽéb vOdQovVfMdqF2YptVwKYHWLkifF5s6bJPik1hFVIPkE
--- hLmH7wM59VfM49mr+srk1I6Qa7ghTOGy06Uo03u4bTc
Ôûȇ†÷É=>3AÄ<41>¸iÞNÏÆq¼Î×—Òz÷Z1¶w™ v¬Ô—?µ Ÿb¤ŽëªKq4.ƺÁ[îÕk¼ö-¹^Ñâi…³cp œ~ šèv1e<31>Ò€M&⻲¥¸€daÏg&Þ¹•N#•rÈo0¦x&\úªjúÇQgdΙé¹Ð~¢¹i¡„4GIb-iKõš—ìWOîdèú÷ ³ÆD½k$?̓#^…ÈãÊó<C38A>'o55 w%,$"þ
˜Ãf4X$:lª

BIN
secrets/wg-desktop.age
View file

Binary file not shown.

BIN
secrets/wg-heimdall.age
View file

Binary file not shown.