From 8c4e9f6641ca1ddeacd8b6fa75b0934fdb3f0f03 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Wed, 7 May 2025 16:41:42 +0200
Subject: [PATCH] feat(servers): add baldur, the immortal

---
 flake.nix                          |  20 +++++++++++
 hosts/baldur/configuration.nix     |  27 +++++++++++++++
 hosts/baldur/disk-config.nix       |  54 +++++++++++++++++++++++++++++
 hosts/nixos/configuration.nix      |   3 ++
 modules/servers/baldur/default.nix |   1 +
 secrets/secrets.nix                |   3 +-
 secrets/traefik.age                | Bin 609 -> 719 bytes
 secrets/wg-desktop.age             | Bin 785 -> 895 bytes
 secrets/wg-heimdall.age            | Bin 986 -> 1096 bytes
 9 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 hosts/baldur/configuration.nix
 create mode 100644 hosts/baldur/disk-config.nix
 create mode 100644 modules/servers/baldur/default.nix

diff --git a/flake.nix b/flake.nix
index 94e40f8..8ef310a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,6 +105,15 @@
           path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki;
         };
       };
+
+      baldur = {
+        hostname = "baldur";
+        profiles.system = {
+          sshUser = "root";
+          user = "root";
+          path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.baldur;
+        };
+      };
     };
 
     nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
@@ -141,6 +150,17 @@
         ];
       };
 
+      baldur = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = [
+          disko.nixosModules.disko
+          agenix.nixosModules.default
+          ./hosts/baldur/configuration.nix
+          ./modules/servers/general
+          ./modules/servers/baldur
+        ];
+      };
+
       nixos = nixpkgs.lib.nixosSystem {
         specialArgs = {inherit inputs;};
         modules = [
diff --git a/hosts/baldur/configuration.nix b/hosts/baldur/configuration.nix
new file mode 100644
index 0000000..c89c1a3
--- /dev/null
+++ b/hosts/baldur/configuration.nix
@@ -0,0 +1,27 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk-config.nix
+  ];
+
+  networking.hostName = "baldur";
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.neovim
+    pkgs.gitMinimal
+  ];
+
+  system.stateVersion = "24.05";
+}
diff --git a/hosts/baldur/disk-config.nix b/hosts/baldur/disk-config.nix
new file mode 100644
index 0000000..8f36ed4
--- /dev/null
+++ b/hosts/baldur/disk-config.nix
@@ -0,0 +1,54 @@
+{lib, ...}: {
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/nixos/configuration.nix b/hosts/nixos/configuration.nix
index 9aeaa29..f93b0c5 100644
--- a/hosts/nixos/configuration.nix
+++ b/hosts/nixos/configuration.nix
@@ -25,6 +25,9 @@
   # Enable flakes
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
+  # Enable trusted users
+  nix.trustedUsers = ["root" "@wheel"];
+
   # Setup gpu
   hardware.graphics = {
     enable = true;
diff --git a/modules/servers/baldur/default.nix b/modules/servers/baldur/default.nix
new file mode 100644
index 0000000..6462967
--- /dev/null
+++ b/modules/servers/baldur/default.nix
@@ -0,0 +1 @@
+{...}: {}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 16ceaf6..c7811ad 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,6 +2,7 @@ let
   # SYSTEMS
   heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8";
   loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
+  baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR";
 
   # USERS
   root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@@ -9,7 +10,7 @@ let
   users = [
     root
   ];
-  systems = [heimdall loki];
+  systems = [heimdall loki baldur];
 in {
   "traefik.age".publicKeys = systems ++ users;
   "wg-heimdall.age".publicKeys = systems ++ users;
diff --git a/secrets/traefik.age b/secrets/traefik.age
index adffe366b9e0f790fa434d951fb1fa86b23e5b8b..92a86c264a6f683bab578abc24392bf546f7fbb5 100644
GIT binary patch
delta 667
zcmaFJa-Ma9PJNb-iI28nL3pH7Zk|zyd6<QVk!ik1mUo_!zlD)+x^Yo*ag=Lvgm<Z1
zAXi{<RZwt2VVJ9rfoGa!saJlAv3^EzTB4I{V2-7$SxI?VM1_%lgolrxE0?aFLUD11
zZfc5=si~o*f|+(kU_qclQAnn-uZc-^MzO1-TV-mVetk+<WT<gus70BPuZO--Ri1Nh
zKvYtaMY5{_S9Vgddxl|AvcI8cxS4iXc2ty$NpY2ST9IeEzfrznfQ5H{VL*yyxkYX|
zx^+4F{x0E;3fYEXE~%xi-bG&d;fX#0>5(4U`FZ}%Ret&9<|Vn_{#jL~WfqQ!C4R-m
zfn46E`nlQp#`y-8kyZJ5LEg^kL8T_9#yQEp`AH#VW)=ZXCGL6YE&-MiffGN9*H`*w
znwl9#dZi@inff?}gr!Bfm>U`xS7v%-1s0o^`}k)Ccv=`bTl%<}aOH&=I^|d8msO_Z
z2d27JWF{JTMrG*-8JgtyI93EjMR)`n8G96E`V{JybLr~pDijz6m=@+4ITjjMmKB#r
zm^v932O639g@jdjWq1ag7p6J7*5?|RB~^N)mUB(XSBu%+mZ!H^N7QuV<l=(rH|`}L
z3Ko3(Gds^F`S>m2%B?%Jqr{Ro?dKP{^xeIy?2P}ugvc1Xb57d(AFt_}{bX96NX$=V
zHcN{#!yc8O*9>zlQWk{;P3c%|vD%qS|I>VnRg?LQ@8*7SnqH!^QZYj-e|wwob<XHp
z6S~dB-(6bpVT=BH$)H=?e?>1kvF41Z(uEDIC;vzFPqBM`###SbHRrhs{yp>Wnf`n_
w?T)J9<yh;Va$iiYoSH09T_PhsgW2J@0h8EUyN{EPef4LQVVM}<5GgGN0G3?#cmMzZ

delta 557
zcmX@l`jBOUPJK>9aZtLaYide(fon){db)+Lmv2~JiHS#QhGV*sMX-lip+!c9kG^l9
zE0=3lR!~8Cu4$2<V`_v?u48e4wvTCkP+(42WOAlyp=UsTNtHomak6EiE0?aFLUD11
zZfc5=si~o*f|+(kU_qcla7IM1TUnaBrBjl3scS)Yx?6TiN@7(-U`dvlV_0f|MWKI1
zRH1Q*Ns6HfS59J<MYgFyXi|#1ua}{>K}u?-qkCw1VPR2DnTe5qcABAKsY{BfbD2}*
z<akE$`a;hnlcI_ciz1_9f1m8)(nNE8pG?b$oC<C4C@)8SH(yKN<nYpr<RA}EE@y4+
zaBojTcSoZ_FMW@Kv@BP5uaJDBjEa&R^L%HMuppmo&!FUFa}O^^E?r$+g<PNTGK2J7
z3qMQ8^it>Wyo#y{k6`Bvf1|7{vr2<xNBy9ndKb5<5R*)2N3KYlAF`Z=rlpfLju!vj
zYk4p^N#j!Qw+||+Gj~Rnno1pLb#7mxE+#eq-5tp_Cu_gGeZ_a@Sc>)T3GLTXSkBhT
z7%jH?XWslPsQGl<B+Il}A-;h=^-QeNDMD8tnLqEbx0(FzhlFgZVb@-#cD-}<26NnH
zm9D;uON-{=y*uUQcSY}2E5%#AnkRhyG`pgH>6{l27F=GNWhJc7_CH<kPD{E<)W%gW
z^mo@wyc8_(s$8`u(L5``(Y`1tEr?e+KYF9~t|R4o%N84iIIUQ1pnR?7xvKPBsd@lN
CZPKv-

diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age
index a1cadec6032d8015ccf5f40ee44682fda37bc644..5d2e451e335086ab1266d0de3e2910e454d212b6 100644
GIT binary patch
delta 845
zcmbQp_MdHnPQ8<*i>XssikWX@W~F(OPeo)zN?>-dc7~U$e}R91n{h~}ms!4LR%t{;
zGFPd)W2#GXK}J?ygl|Q0q+?E+VS%4Zs+U22XhgPaR<LDKp-H%BRIY1KK9{bYLUD11
zZfc5=si~o*f|+(kU_qdQuVF>HX=PDJkx68fdzM*HNxf%rW>#@XL7B6AiK#`pUx=A^
zV!A=1MW#nSSA}+!d1`WbL0X1EUQnrFnqz3Lvwn(Gj%8I^si#kPhO0@EXJ(d@pSy(x
zx^+4F{x0E;3QqaKuI7drUWx7%S?N_?UWOiN!DYD~8P3j$K1t!GK8C@j#-XW&p;1mo
z>0FM5k+}gOCMHQ{o-SUdi2-S4i9R95g+cCK*`{V0mA;ip0jY+exjyby#S=e@*BiJO
zMw*qS7#D?Wo4EVt7#1a&B&X+A6sCsz2Sg<6M^!~e8M_x|x|_KfaQQ@O=Q+DrWI9I_
zmPF<{78qN)Te_I#<hvSqmsmt*1V<zmdKncM8x$54bLr~pDrCDCRhbo8`Wc6KMtJGF
zdt^ss`&Fhpc_-%P7+FMB1es|2)+c*cm6n_P8gN|;m}{rJWge@v`d8HlDciojz3uqh
z<%r+$%Khd=676L#H*fUYb-n6#ed)>HmNVl#CRg6Ci?xiMtFI@jr2Xc8>wK>h-nR9(
zmjy-|&X~rh{pnTqDT&zo7p*Toep0o<K}(6jlIhGwC6{lN4@9~Dc5%2Qrm0pOm9nX4
zwX9zszH+NC|5usVnQq^k)Ndb;JloOsHuT~q{&WK~sS~l?@?~u%i82AqyjI7~Cm*nl
z(d3A_Hu2SLhh8xab)g-{Hcwb+r=X`i+4LSmgzx0LM?}`d&T$F#nsN2U_NkV;;^(xV
z@1FU`+1hh*q~Kk7t(Mh0C10GGTr3`5dE015PrXy*wN>t)-nZCkW*wS;+4&@U#43%z
z*|whXAt9e6zH*$jsaoTp`&!ELtgheQXBOKR%~1Mm`svS1)kX_@ncogVW|_-2g?|fo
zx+@#nnU=iIcKyMH{Mj9oy-GT^Dk+<3wFTRsSD1WZ<sK6OmuV;a{)F|<ddqWd^U_TM
aVItOLVm=1EGTqtt!}!?yW7b~TssaGLp-9mH

delta 735
zcmey*Hj!<DPJMA&W?GSZl$o1ZrE!FDig{R2aEME&X@O66lu5Ezw!2fRcfO;ct3g(I
zGM9E}glUq2L8+x@L12cTho@nRX?nh^XJJ)odY+k~zl*y|Qifw$d6t()K9{bYLUD11
zZfc5=si~o*f|+(kU_qdQdy0=|PJm-lR8&x?Z=i93r<;3$S!BMUaaEF2u49>Nep#fM
zhmmn;u~~3AmzREJd5&Xnsk5a=dWCz1pJS@ItGB*sL7qiuaAv57Z>F(!o@J%Bv1_pF
z<akE$dY_O?$Hbzv(vU<){~|YS)2JNhtnjRW#N<Fj_sa0dbg!^1|I(b)Aa@S~uEK~4
z%YaPtD$9ss;|y=_ppg6!Zzr!55AT#n3m>0E|7@3}$ddGk<jCw$E?r$+g(U6J)YQz#
z(!!MNtXwzG#0W?C;)qm3mvoQ($g+~ktk6uudb70jd=JOUNUo)<wsGzZ{NW4V#cf(S
zT{HKTy#8DR?-wo?<5}Mq_M5O&iCn(0_P9m-v=;(A>N8lpZWuE>H*>TwQq62|diKSj
z%&}Gd1eexDKV7LkjzP2PU9WfltyVnAa3^C@ur+VTf`a)M@1|@nF5RO#bHjm{Z~rUL
zRDQYo|4jXK{v2kr&w8G_HFmz^Z(bIgyCU(->HL%16-|=jU!Ki8U3jau)u+|P+kT3k
z;IltU2VP$Z3Ya{5O~oqn)3RTb&ad|HT7KH=+@FM%!Yb|O#p-6pl^#1V%}n3%<<A*P
zoDv&sCoG<O{zp&6t$p1OzIje-UF10FlfrHDwU;b3YuIEb*497h;ViAY?GqQIYQxL<
z)ME3w66voZL2k!W9|pcz^I*HdN!Gd7A}T_^F6KO7xZz;O%1YIUHEQo}Zd;&Ixp2-G
zh3C)09Ow7D#}@CLIb*>*_VpE^ySI0&UUz$eR`1t8KF-G_-Z!qwduSD;UG5^$>1*bG
j<ls(Mefa_(|2O~Y9-avl<UOoxIysYbZ)UZIc10clSJp1s

diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age
index 3af4512a715cff5202e0be90dcb283d6d8c58999..1d484474a0ff2f3ba40e7de33a77f4252103aac0 100644
GIT binary patch
delta 1047
zcmcb`eu86yPJM1=cwkPHYoSkMsgp@*NlJLWc3EYqM{-U^YE+I<v45niuU}54t9M{k
zD3^Iwx<z_$QkJ)YrG9R<k$$L!L4a3qmS>J<Zbo=SR#;$3nR~K+Wk$GnK9{bYLUD11
zZfc5=si~o*f|+(kU_qclVMSSDQdL-rTbhSOQblHRS$$P;a(bGPbC`QUlBruzPH|yL
zgjZ!?v1M>5S6QN0X;y)Sfs2Kauc2{Nl3!+GvSoy~hjVH{WlmmBWl(02x4)lXj%8Rf
zx^+4F{x0E;3jUF4Ci(`E9_E$)A!TMpS^g23&S|beS=mVyRi+*;r4~M>7AYYX=I&8$
z23$FYrD5(7K^7)%rD;)NC0Q<>#z`K9W!_~zVJ;DFDZ%>A5xxdRfw}4Wo)bTc*LxO*
zxTKkzSXKpE8b?HgT0|D58$@K9hDT(%8@V|7`a~HOgq39by9S1Ma;0l0Wd|Ag<`+bo
z>gN{bSOkYgnWU8Fr6v0%n;HaGWTYf|R#rM@gq8<;a_Q>oDmeLN8C9AYc~qtr`5Oj@
zIu=G4Ryuq6SsHpKmj^m}ggZwW))!V-7MD0>T5xUh=HBpcKG&wmoLMK^xpyi~6}eXH
zS|fYR(C$Ozlg#FS|5(E!&%OK?tGBwo*7lHK2G9JJVL73SyV@1x|F-6=OSE?SP$3=n
zCojDJB&VH7;QkqfQzj=qJj)?H>&v~Zm)PDK<~P~j(fIpKQ^fA!weKg`6cz_hI95^5
z$u;+NMN9gB(UZ>~D`zCdt-WZIDfoYZ!=7@}kCzMAR9ZwY-fxm^RPc3W`R@jX(l?73
zwYPBoR^PTsElNqN#X)dZ>wm^t6Y;Z`ls-l|&$j4KHgxe^$NzMiA(NBM;(Nj?{Z6hC
z{Jrer*SGH#O&;lG`<+kypre<s#3Qm<ennYUbiHKgw->#>3je~Viiw;w{HbVScB!BB
zWmZ#n)%5g5EgXq<P0trxow?ENyu^aL3LbhB^4TT%I=;Uw*&tN4rRetVmI!bCIhz>b
zW0oA6pAl*25Px<~->;>Dx`B^f>|1B^|0t<{?R+iM;;ZG;FpKalizmou>M=jH4bzx=
z|KpJh$9A5sckcY;apz<E%*`%rr#e^7o?Gm*s+uE@xjftQ&9;=V59Oun59{3g^-xK3
zdY$FA`nx|;^YX-Ur@d-;_G=E`ktE(N%puzE^!eH<H@Tc&UiomU_<7+KaSB}wZ(DU<
z>@|^j_xVNXlA{u7*#}tq-1L1oTzKz(v-@JFs>Sv5nbS?ylUKt{RZ5c+`Lus6+NsL!
z*xYue_o~XdiRZKrL~(D_5n_rur`>l-Civy~X+6PbCh<LaR<S&Gr);>_i5f|Fw|e^&
e9busq<MUB}&UPNCIo}i`o)Ent|2404$bA3@(Xqk+

delta 937
zcmX@Xaf^L|PJM{6S*CApvUZ}cV^nEgXqu;UL~f~1X{fnhl73dcxnXvMm%B+;l0k;C
z0hgIcq-lU}m~%*Saf(TBN>OT+g<HBsU{s`|xtpOyMp0NuMovg>j!S-~BbTn7LUD11
zZfc5=si~o*f|+(kU_qclqHlgdNqTmso4c`ox@)FquA8ZcUtoE*QEEj-g+XLcVpVRU
zMObE)nWeEKmv^>vlyQoOzq7GxgoTTCM6g9@d7^%#Ym%>Do?AhAiBptsetCsuq=~7)
z<akE$diP*U5A(o8^Bg0uB9oM$0H-Ra5`CZ2F#SZIs!XSd+yZUSD)Y(^4`*WoE^~{N
zuvE946rUW^VCO35s?acfuk_TswCqsVtmG22@Cu`dK+ga}r*h|XE?r$+1wZegu!z#i
z3}Z)gzhcXf9B1Rg+^R4~OZS3c)1uIV%o4}s`g|w-tib$y6Rt_7kM_+v^e*3cw%*Kr
ziz4U!J#juR#64g|U{uJQ<1=sP%-=FwPd09ML9b8ES&f3bHoFeo7Ej*Xr_A)?Ub2)#
z;P0Rr)BHA9p0o{)P>A~`sxv9>=uNk|(Jmh|4s%|7sefPT^9R<a;@{SDK8X@Ll6cm$
zU+c;0mG9ovdvJcZlyq`k<sr%T*Hdnt>%IR|y+f(4YW9gAU&`P29-pKT;E{YVOu2Vi
zSL_>!KixGiDwf-eY<{~T@$Am8*8677m7BMJ(Sd?jpU=#g7q?&wlcd1A#vavMj&?G<
z4$l@uMt110jW=G9Y~(ewx?-Zk`U|g?pD(zo$6vh8O`=+K9xG3M<;lq>Z%+}IRAHU?
z!CC6tS*F6*U8R|#r`gQ6{|x_c=h_v?#Gc-NWYM{45*yrSx8FY_#pS)s-azZ3h--F}
z#Q#5r_EYA|X!#qfrAjTH%l)^hY}0ayh1;g{&DXQt`HshT)2E3yFYkVO!`fbm>0?4(
z5X%eczXvr#N)O$a3Y~wir=nhJDpz8X>BovHfvXi^ruFYqOKke$zC<V3{i?V7UOZKB
z+Nb7~8{{*}6Jrb(uIJyS{7l{LnE}Hbl`74{9sXPFXYo`8hMKl!#VVd?Q(Jbx$fG0o
z4{xaD*VitJ>tgoL*#7bXU&p&A(IG)QQ{9AafBUI><6M2)sVBXwPAx8q{gccR{>AOZ
zhX!krEeC{uC%I{HmMEXR^dU*!;6mc@iAtVtyjHJ0`rK|q-7{atYpXZ>dh$c>*;(C6
pubILZ?Ad%4K40_2w)H^RG~<Yw?ct~I2Hng3_k7jXD-ppF^8o`snX>=@