feat(nixos): +neuro system

.sops.yaml

@@ -2,6 +2,7 @@ keys:
   - &snuff        age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
   - &yukkop       age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
   - &bfs-server   age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+  - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
 
 creation_rules:
   - path_regex: sus/home.xray.yaml$
@@ -15,3 +16,9 @@ creation_rules:
         - *snuff
         - *yukkop
         - *bfs-server
+
+  - path_regex: sus/neuro.yaml$
+    key_groups:
+      - age:
+        - *yukkop
+        - *neuro-server

flake.nix

@@ -73,16 +73,17 @@
     packages.${system}         = import ./package            { inherit flake self inputs pkgs system; };
     devShells.${system}        = import ./devshell           { inherit flake self inputs pkgs system; };
     legacyPackages.${system}   = import ./legacy             { inherit flake self inputs pkgs system; };
-    nixosConfigurations        = {};  
     checks.${system}           = import ./test               { inherit flake self inputs pkgs system; };
   }) // {
     lib = self-lib;
     overlays.default           = import ./overlay            { inherit flake self inputs; };
     nixosModules               = import ./nixos/module       { inherit flake self inputs; };
     templates                  = import ./template           { inherit flake self inputs; };
-    nixosConfigurations
+    nixosConfigurations = {
       # NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that
       # unsupported on aarch64-darwin
-      ."bfs|x86_64-linux"      = import ./nixos/system/bfs  { inherit flake self inputs; system = "x86_64-linux"; };
+      "bfs|x86_64-linux"       = import ./nixos/system/bfs   { inherit flake self inputs; system = "x86_64-linux"; };
+      "neuro|x86_64-linux"     = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; };
+    };
   };
 }

nixos/system/neuro/default.nix

@@ -0,0 +1,20 @@
+{
+  flake,
+  self,
+  inputs,
+  system,
+  ...
+}: let
+  # Use folder name as name of this system
+  name = builtins.baseNameOf ./.;
+
+in self.lib.nixpkgs-lib.nixosSystem {
+  pkgs = import inputs.nixpkgs { 
+    inherit system;
+    overlays = [ self.overlays.default ];
+  };
+  modules = [
+    { networking.hostName = name; }
+    (import ./${name}.nix { inherit flake self inputs; })
+  ];
+}

nixos/system/neuro/neuro.nix

@@ -0,0 +1,88 @@
+{
+  inputs,
+  flake,
+  self,
+}: {
+  lib,
+  pkgs,
+  modulesPath,
+  config,
+  ...
+}: let
+  xrayPort = 10086;
+  matrixDomain = "accord.tube";
+in {
+  imports = [
+    self.nixosModules.hectic
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJZFglwpPMFLnQDOqi84nlMFktZSSu1GzUIafvClUaD''
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = ["nvme"];
+
+  disko.devices = {
+    disk.nvme0n1 = {
+      device = lib.mkDefault "/dev/nvme0n1";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            size = "1G";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+
+  networking = {
+    networkmanager.enable = true;
+    useDHCP = lib.mkDefault true;
+    interfaces.enp5s0.useDHCP = lib.mkDefault true;
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        80 443
+      ];
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+
+  hectic = {
+    archetype.base.enable = true;
+    archetype.dev.enable  = true;
+  };
+
+  sops = {
+    gnupg.sshKeyPaths         = [ ];
+    age.sshKeyPaths           = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile           = ../../../sus/neuro.yaml;
+  };
+}

sus/neuro.yaml

@@ -0,0 +1,25 @@
+wifi-env: ENC[AES256_GCM,data:omeOzokH2ON9tCvWdEAAooVWe1I2,iv:A3J+5iDymR88xwnJNEEVydfiNjnSE1nyx/rBS2xdjQ4=,tag:TFcu2vtVOLG8Vdft3YRvww==,type:str]
+sops:
+    age:
+        - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3c0FJa3p4TTlFRk01Y2U4
+            a2FOWS8rYy9pSzVvNnFvdU1aYkF0QTUwakFZCks4cG9PdE14cVdXa0M3SCtCQWpS
+            UEc1TVhVc1JBdTJQb0NiWitxRmkrZ2cKLS0tIFhOOUg5THozUHZMZmYzeDlpZE0x
+            WFhVWWVuUVVXYzhwTWtzamFmSGc5L1kKmkEV+PRreL39DPLDqpiVq18n3DNUZbye
+            G+GU1Uryll85az9juzztvlyhJxcUnJk1L1HUpfFfONR+ph4VgbC7OA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM2QxMFNyaGZuWS91MFpD
+            WUczU3lDbjZiSUpkcC94QW5XdkIvVnBYdzAwCjZqQmRldWFEUUJ6NDBIY2hDeEpv
+            QjYwRmhNaUNFMzV0V0FRYnVDSllKNncKLS0tIFdYSmNpV1Axb0JsRC9ka2FzdFNp
+            K3Z0eTVZT0FYTzhiUHUwMnF5NFJxY1kKvPpfuE+3zCs0RnxXLSeuZb11670D7bVT
+            VObBGfwKYxsjIQBIlzmWZ90oEI874dLjXgvdC0rRexbWQvjEf0bGtw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-26T08:50:00Z"
+    mac: ENC[AES256_GCM,data:7y0VzBoWg2nP6QIOl9xGt+g22r2m/KSJ2ePKTLDDreSieVvEnv5ObwqzS84LyAzw6p9smmvZxiR3BxJrmrdXtoSaFufFgltJ9r41ftYTVSiiCcJXACwAnRX3LIYbooZk48kRqwV68n4+frmuH4oeBWqfwaONV2v2F8TuTJejJIg=,iv:PHqEWTN8dAoUR/Pb2HTGs2Pz96vCgdP5d622fmQC2RM=,tag:MWswXZbSpqDFJ+ZvFQ3jig==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2