feat(nixos): +neuro system
13
.sops.yaml
13
.sops.yaml
@@ -1,7 +1,8 @@
|
|||||||
keys:
|
keys:
|
||||||
- &snuff age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
|
- &snuff age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
|
||||||
- &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
|
- &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
|
||||||
- &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
|
- &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
|
||||||
|
- &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: sus/home.xray.yaml$
|
- path_regex: sus/home.xray.yaml$
|
||||||
@@ -15,3 +16,9 @@ creation_rules:
|
|||||||
- *snuff
|
- *snuff
|
||||||
- *yukkop
|
- *yukkop
|
||||||
- *bfs-server
|
- *bfs-server
|
||||||
|
|
||||||
|
- path_regex: sus/neuro.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *yukkop
|
||||||
|
- *neuro-server
|
||||||
|
|||||||
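Review bot: The new `&neuro-server` anchor under `keys:` carries the same age recipient as `&bfs-server` (`age15yzgmsvl…k9xjmj` in both entries), so the `sus/neuro.yaml` rule does not scope that secret to a separate host. Either both machines share one SSH host key, in which case a compromise of bfs also exposes every neuro secret, or the line is a copy-paste and neuro's own `/etc/ssh/ssh_host_ed25519_key` will not be able to decrypt the file at activation. The recipient list committed in `sus/neuro.yaml` holds the same value, so that file needs re-keying as well. I would replace the line with `- &neuro-server <age recipient derived from neuro's SSH host key>` and then run `sops updatekeys sus/neuro.yaml`.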
21
flake.nix
21
flake.nix
@@ -70,19 +70,20 @@
|
|||||||
system,
|
system,
|
||||||
pkgs,
|
pkgs,
|
||||||
}: {
|
}: {
|
||||||
packages.${system} = import ./package { inherit flake self inputs pkgs system; };
|
packages.${system} = import ./package { inherit flake self inputs pkgs system; };
|
||||||
devShells.${system} = import ./devshell { inherit flake self inputs pkgs system; };
|
devShells.${system} = import ./devshell { inherit flake self inputs pkgs system; };
|
||||||
legacyPackages.${system} = import ./legacy { inherit flake self inputs pkgs system; };
|
legacyPackages.${system} = import ./legacy { inherit flake self inputs pkgs system; };
|
||||||
nixosConfigurations = {};
|
checks.${system} = import ./test { inherit flake self inputs pkgs system; };
|
||||||
checks.${system} = import ./test { inherit flake self inputs pkgs system; };
|
|
||||||
}) // {
|
}) // {
|
||||||
lib = self-lib;
|
lib = self-lib;
|
||||||
overlays.default = import ./overlay { inherit flake self inputs; };
|
overlays.default = import ./overlay { inherit flake self inputs; };
|
||||||
nixosModules = import ./nixos/module { inherit flake self inputs; };
|
nixosModules = import ./nixos/module { inherit flake self inputs; };
|
||||||
templates = import ./template { inherit flake self inputs; };
|
templates = import ./template { inherit flake self inputs; };
|
||||||
nixosConfigurations
|
nixosConfigurations = {
|
||||||
# NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that
|
# NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that
|
||||||
# unsupported on aarch64-darwin
|
# unsupported on aarch64-darwin
|
||||||
."bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; };
|
"bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; };
|
||||||
|
"neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
20
nixos/system/neuro/default.nix
Normal file
20
nixos/system/neuro/default.nix
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
{
|
||||||
|
flake,
|
||||||
|
self,
|
||||||
|
inputs,
|
||||||
|
system,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
# Use folder name as name of this system
|
||||||
|
name = builtins.baseNameOf ./.;
|
||||||
|
|
||||||
|
in self.lib.nixpkgs-lib.nixosSystem {
|
||||||
|
pkgs = import inputs.nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
overlays = [ self.overlays.default ];
|
||||||
|
};
|
||||||
|
modules = [
|
||||||
|
{ networking.hostName = name; }
|
||||||
|
(import ./${name}.nix { inherit flake self inputs; })
|
||||||
|
];
|
||||||
|
}
|
||||||
88
nixos/system/neuro/neuro.nix
Normal file
88
nixos/system/neuro/neuro.nix
Normal file
@@ -0,0 +1,88 @@
|
|||||||
|
{
|
||||||
|
inputs,
|
||||||
|
flake,
|
||||||
|
self,
|
||||||
|
}: {
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
xrayPort = 10086;
|
||||||
|
matrixDomain = "accord.tube";
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
self.nixosModules.hectic
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJZFglwpPMFLnQDOqi84nlMFktZSSu1GzUIafvClUaD''
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"xhci_pci"
|
||||||
|
"ahci"
|
||||||
|
"nvme"
|
||||||
|
"usbhid"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
|
boot.initrd.kernelModules = ["nvme"];
|
||||||
|
|
||||||
|
disko.devices = {
|
||||||
|
disk.nvme0n1 = {
|
||||||
|
device = lib.mkDefault "/dev/nvme0n1";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
size = "1G";
|
||||||
|
type = "EF00";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
networkmanager.enable = true;
|
||||||
|
useDHCP = lib.mkDefault true;
|
||||||
|
interfaces.enp5s0.useDHCP = lib.mkDefault true;
|
||||||
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedTCPPorts = [
|
||||||
|
80 443
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.enableRedistributableFirmware = true;
|
||||||
|
|
||||||
|
hectic = {
|
||||||
|
archetype.base.enable = true;
|
||||||
|
archetype.dev.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
gnupg.sshKeyPaths = [ ];
|
||||||
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
defaultSopsFile = ../../../sus/neuro.yaml;
|
||||||
|
};
|
||||||
|
}
|
||||||
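Review bot: The firewall opens TCP 80 and 443 (`allowedTCPPorts`) although nothing in this file configures a listener, and the `let` bindings `xrayPort` and `matrixDomain` are never referenced, which reads like leftovers from another host's configuration. Unless `self.nixosModules.hectic` starts a web service (not visible here), I would ship the host with `allowedTCPPorts = [ ];` and drop the two unused bindings, opening ports in the same commit that adds the service behind them. The root `authorizedKeys` entry also has no comment field, so an auditor cannot tell whose key it is; a line above it such as `# <owner> / <device>, added <date>` would make later review and revocation straightforward.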
25
sus/neuro.yaml
Normal file
25
sus/neuro.yaml
Normal file
@@ -0,0 +1,25 @@
|
|||||||
|
wifi-env: ENC[AES256_GCM,data:omeOzokH2ON9tCvWdEAAooVWe1I2,iv:A3J+5iDymR88xwnJNEEVydfiNjnSE1nyx/rBS2xdjQ4=,tag:TFcu2vtVOLG8Vdft3YRvww==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3c0FJa3p4TTlFRk01Y2U4
|
||||||
|
a2FOWS8rYy9pSzVvNnFvdU1aYkF0QTUwakFZCks4cG9PdE14cVdXa0M3SCtCQWpS
|
||||||
|
UEc1TVhVc1JBdTJQb0NiWitxRmkrZ2cKLS0tIFhOOUg5THozUHZMZmYzeDlpZE0x
|
||||||
|
WFhVWWVuUVVXYzhwTWtzamFmSGc5L1kKmkEV+PRreL39DPLDqpiVq18n3DNUZbye
|
||||||
|
G+GU1Uryll85az9juzztvlyhJxcUnJk1L1HUpfFfONR+ph4VgbC7OA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM2QxMFNyaGZuWS91MFpD
|
||||||
|
WUczU3lDbjZiSUpkcC94QW5XdkIvVnBYdzAwCjZqQmRldWFEUUJ6NDBIY2hDeEpv
|
||||||
|
QjYwRmhNaUNFMzV0V0FRYnVDSllKNncKLS0tIFdYSmNpV1Axb0JsRC9ka2FzdFNp
|
||||||
|
K3Z0eTVZT0FYTzhiUHUwMnF5NFJxY1kKvPpfuE+3zCs0RnxXLSeuZb11670D7bVT
|
||||||
|
VObBGfwKYxsjIQBIlzmWZ90oEI874dLjXgvdC0rRexbWQvjEf0bGtw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-12-26T08:50:00Z"
|
||||||
|
mac: ENC[AES256_GCM,data:7y0VzBoWg2nP6QIOl9xGt+g22r2m/KSJ2ePKTLDDreSieVvEnv5ObwqzS84LyAzw6p9smmvZxiR3BxJrmrdXtoSaFufFgltJ9r41ftYTVSiiCcJXACwAnRX3LIYbooZk48kRqwV68n4+frmuH4oeBWqfwaONV2v2F8TuTJejJIg=,iv:PHqEWTN8dAoUR/Pb2HTGs2Pz96vCgdP5d622fmQC2RM=,tag:MWswXZbSpqDFJ+ZvFQ3jig==,type:str]
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.10.2
|
||||||