Compare commits

..

No commits in common. "6215a962e4b601dfabd8f62a680f031e97a39537" and "809eb05edfc0e04184ca0fed8a89892566882710" have entirely different histories.

15 changed files with 162 additions and 51 deletions

View File

@ -40,6 +40,16 @@
];
};
"nyx.lewd.wtf" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs self; };
modules = [
sops-nix.nixosModules.sops
./default.nix
./hosts/nyx.lewd.wtf/configuration.nix
];
};
"phoenix.lewd.wtf" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs self; };
@ -118,6 +128,19 @@
};
};
"nyx.lewd.wtf" = {
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
hostname = "nyx.lewd.wtf";
fastConnection = true;
profiles.system = {
sshUser = "root";
path =
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."nyx.lewd.wtf";
user = "root";
};
};
"phoenix.lewd.wtf" = {
sshOpts = [ "-p" "22" "-o" "StrictHostKeyChecking=no" ];
hostname = "phoenix.lewd.wtf";

View File

@ -0,0 +1,24 @@
{ self, config, pkgs, lib, ... }:
let
utils = import ../../util/include.nix { lib = lib; };
imports =
(utils.includeDir ./services) ++
[
./hardware-configuration.nix
./networking.nix
./users.nix
./secrets.nix
];
in
{
inherit imports;
networking.hostName = "nyx";
networking.domain = "lewd.wtf";
boot.loader.grub.enable = false;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
system.stateVersion = "22.11";
}

View File

@ -0,0 +1,35 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/adde8f5f-358d-4ed2-835a-8fecbe4a86a4";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/8D9D-CCA2";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/6cee1359-6e2c-45fc-927d-f2a558f0ec5d";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/474244b3-df18-4af7-badf-d7b2531ae17c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View File

@ -0,0 +1,11 @@
{ ... }:
{
networking.defaultGateway = "192.168.0.1";
networking.nameservers = [ "192.168.0.1" ];
networking.interfaces.enp2s0.ipv4.addresses = [
{
address = "192.168.0.10";
prefixLength = 22;
}
];
}

View File

@ -0,0 +1,14 @@
{ config, ... }:
{
sops.defaultSopsFile = ./secrets/services.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Vaultwarden
sops.secrets."services/vaultwarden/.env" = {
mode = "0400";
owner = config.users.users.vaultwarden.name;
group = config.users.users.vaultwarden.group;
sopsFile = ./secrets/vaultwarden.env;
format = "dotenv";
};
}

View File

@ -0,0 +1,30 @@
example_key: ENC[AES256_GCM,data:MB+njL6mhVGUYKlBww==,iv:wXY3sv0gW37H/Mv5s4caJIZe0NPzrSOu5+/zZV21OsU=,tag:G9EH5DpFHMq2Qx/grNrYNQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QXk5U3JRZ1FtNzM0cEZJ
b3RXdEpra2VJSWxvT3BwOWZuc1JkWkhBQWlVCmFQUHlybEZYNXYrNVpLT2xPc2pP
UEtxdlJHdWhzK05CRzN1dFlqM01ValkKLS0tIDZVQWo0SXFyV1Nad2RGcGFtcDBt
UHQyVjkvOGZXVXJDYWhQeFN0WFJhOHcKsmRy6Sn3IHPuXdv5j8l373HLBSgBy7M/
Z/uIth3S50OGf6okvvHJxWuZ3xVXwZqUwfYpE5WtJuSXi4rBaJHISw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxamE0eTB3TXVGNDN1azZ3
MmRHalA4TjErZE1Db2tNM1lhd2VHK0l0YlVNClFic2t2VXhKR0pBMGFIVHRFczEy
cE9KZjlDSzZuYlJWTlVEL1ZXOUxRajAKLS0tIHhaekZvdE40YlVlS3A2Y0kxWHVR
SkMwdFUrcmN4aUJ0cms5WlhBWnZKTncKt0JurciGm7hQI8VSalQaHvGzh9xF2Xrl
afe94Ma/mmojj8cEqJQlarMMDtAAGsWjz7zwwam629uE9Yjsr/YRbw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-15T08:13:59Z"
mac: ENC[AES256_GCM,data:ockH8FVoLTeGuCOKknJ3aSQIQEIFFtmJQ+RwmDgorWSYHCUDsriSGy8fVEoAE/6pzGMahjdC1rK2YtaeAFljsNTh1Ct5CpVBmwKZVOCZSM9eWz4d7JFjJolIc+kNSj/9k+NUZBZafUMa1ckIK/8CMM0AysZ/mBeYTsaP8WOfB5g=,iv:aFICxoznCi5Tg+YZrsBAiEWPw7Hw+Abv1wJpdB50PQY=,tag:2sWz7OvFI7pIRsoeHJKpxQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

View File

@ -0,0 +1,11 @@
ADMIN_TOKEN=ENC[AES256_GCM,data:R1mhyfHnTvnWaeKL7UFUuaA8bmpoQciLXRgLZKTDH0Zvo/M76s/NSenBEtpfpUJMbHGp1hmXqkK6jR5WVemYhg==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:yPXiqasJbj2NCc5vIc2zVw==,type:str]
SMTP_PASSWORD=ENC[AES256_GCM,data:dhTGLgXtdn6olKATr/qTRA==,iv:uA3WytiA9o/3qohl/eaMD7gVbORo4YZg2gzT/qZZHbA=,tag:cmcSLz0/YS1/45ZrLSp08Q==,type:str]
YUBICO_SECRET_KEY=ENC[AES256_GCM,data:mIfNhnuU3+KaOJ/MXSabOus5nAGdNmoHimWhba8s,iv:XDmIl7dqV8R7bykwtQz3EQIf1qJHh3wPbL9RAu6ZWEk=,tag:zIUbM5mBqJeQJ2npKPJ+fw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_mac=ENC[AES256_GCM,data:3EjD4AKgXCOTIwCZrRkq+NYDrRSH7+8LsC4Eop6SNVyXUCP5zyhJwInFpSnrSeYPp81HSxZz0LZEotJH0P6e1/JVfxKz9bOuoGr2856fEh3qmzQW2Mu6UJSFa2rGjtqTuWC+fMvIUpNX5dF2d3nxEGkRbylQedQLWACKgYVmfEo=,iv:EBBRSR84VLpezX7WdFwHyvqu5fZn7bZ/t/2H37Mx44Q=,tag:Rbkcq2V8G0rDwQYiwm0JtQ==,type:str]
sops_age__list_1__map_recipient=age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdTRPUGxqcGowU0FjRE84\nNjhKdEJabFZEVXo3aTArQnNNRjhaMFZiKzNrCmpLbFoxTVlTUkYxOHVJdlFqa0JF\nQStIT29uSlY3SWtzZHFqbjZwTHZ1aEUKLS0tIHJlLzlCV0RJekVvOWRLV3JmZ2pv\nZ0VrUVg5NXVTWU5LRDk2M3dYWXM3bkEKA4KusPniM0pO6oJhHq1khrfcwdSvG+/A\n7rn6Ib23WSHUAquxCxOz9IXL2GDrajEFnv82lyYUgijgb7PEWC2pPQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_version=3.7.3
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UXYrVkxHSmx1V1E1aVlW\nTVMwamo2ZnJrbERDTkJoSS8yanVXZ2pEbEJnCjExM2U5T1U3SkVrNFhIaXg5VE9K\ncnNyUDdQM2IyQ2FpenV0VEhIR1NBaTQKLS0tIEsvOTNDa1BvUlk3UE01VGZydmVG\nZDZOelphR0Nsa3c4aXZ5NDJVWlVvQmsKPxUi8Vgxe+EsHSF/33OfoEdFIUscDTzR\nzjf8rkG5BU616tudvXUGLfdncCiG+hfz7ZvmEYlTEAdGzSYSW8tuhg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
sops_lastmodified=2023-04-21T17:46:25Z

View File

@ -0,0 +1,14 @@
{
users.groups.markus = {};
users.users.markus = {
group = "markus";
isNormalUser = true;
home = "/home/markus";
homeMode = "755";
createHome = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2eur+tK9VTYqXTgYlJY1/oV1EzUhm4QZGEl4e3/kWr deck@steamdeck"
];
};
}

View File

@ -1,17 +1,7 @@
{ config, ... }:
{
sops.defaultSopsFile = ./secrets/services.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Vaultwarden
sops.secrets."services/vaultwarden/.env" = {
mode = "0400";
owner = config.users.users.vaultwarden.name;
group = config.users.users.vaultwarden.group;
sopsFile = ./secrets/vaultwarden.env;
format = "dotenv";
};
# MSMTP
sops.secrets."services/msmtp/password" = {
mode = "0777";

View File

@ -1,30 +0,0 @@
example_key: ENC[AES256_GCM,data:0VPRbi+eXJx6TEzSLg==,iv:wXY3sv0gW37H/Mv5s4caJIZe0NPzrSOu5+/zZV21OsU=,tag:66xqln7ExRHqTs84I5FI/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaVc2c2ViN3pyYlNValQ2
b2Q4STlST1M1Umh6MWl3ZDAvajJVUXJIbW13CmRvQ3RBbWZrbklKRmU4MmdHdkVN
YlgxSElqZzl3ckZjRWtEU3pmcGhpZU0KLS0tIDlEYklTN3N3RWxFUFNZM2xGMXRI
RE41cnNWdWRrZUVwaG56Qmh6VEwzSnMKi4Hl9IjxZKelOQd2fxf54qN0ZAlx4zzE
O+acAe7wB8v85XgEt/DBJrVi6NYg8bt7uj4R71cAMZxKheBjdNNPXA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArU1ZmY0dkM3FQdWtCdGlP
VFNpMkFaWWZwMGJxS1dqRm5BQURLbGQ0M2hNCnA5OFBScUNUc01tM3R4M3RxNFdl
NlArazJ5aktVVGlxUlpEV0hLK2Zna3cKLS0tIGZYc0lnL1dLRDNxV2RFZFFhUmhN
RmRoZmxVMVhOL1FtTlA3QTNCQ1RlNWcKLitsiPk+4Lzdud4GR/iMgolGLLURU6mO
1FBk0HTP4b+f0G5Uentp9oBPTNA0J6qCo1C79ZgV6LiZoWKunh5QAg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-10T18:21:20Z"
mac: ENC[AES256_GCM,data:euTc5etuk3p8g3OOijis4mvDrgS3dkYf5d3qkqlzftxcocZgPgUI9lJZCL3K11zn7JnbNUm5cMtr/h14WYtCJXztHXXhrpAbfy3HRNKlELCn+gENvbMM7Vtkb/8Uji2xosRHl4ygnTLN3L6/qX0Sn0sQm96UB3Q8ZHOXClQNZ/4=,iv:FNw/OEOhCmAMdbbIpkn3SbNwf2y0eHSHFuJlm58ZykU=,tag:ealqzvWEdGiQkvz/72L6QQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

View File

@ -1,11 +0,0 @@
ADMIN_TOKEN=ENC[AES256_GCM,data:1cRomfcw7QRGJ8FeRBIbVE0Rj7hGgusSxa4h0oLWmlNSqDi1NLuMevCZoQQuwGE4ZgTttdUrZUv6QGwtndaDcQ==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:gNN7eZc2mR/90n7JOeg5wg==,type:str]
SMTP_PASSWORD=ENC[AES256_GCM,data:GbBaT0JUsxCT8x3o5EoKvA==,iv:uA3WytiA9o/3qohl/eaMD7gVbORo4YZg2gzT/qZZHbA=,tag:GpP1lzeeNdkZfaI16cufzQ==,type:str]
YUBICO_SECRET_KEY=ENC[AES256_GCM,data:caHlB/H4iWfZP2jQjVrFIUXfYiT1g5q81Cyfb+7q,iv:XDmIl7dqV8R7bykwtQz3EQIf1qJHh3wPbL9RAu6ZWEk=,tag:3eDkQF1+7AroPzTh6PzTTg==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTCtwelNJdENDOERjSGlI\neUgwYnpvNDhnQkZmVmRaTmJSOFlCZFZGWkJjCjQrV3V3VExPZzIwVitJaUtmNEdU\nU09UbENVUi9wWWZ2RzNhbXN4VG5IZWsKLS0tIEpkT0hHZ2JCcEVBeGduWk83WnZm\nWlhkMzFMQXN5R3JBb1pvc0U5Y013dWMK5LiYBFHa2j29Q58VfR/XvxduBv/dy3Wi\nLasyBSqFrK0nngUXhCxPVCn8ZU5gMMaiXCisCPDxXDdX+t7DLErCSw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvS3o2TkplT1hIa1luKzky\nbEo0cGdIYStlTDg3NDh1UGQ1NTRqcTZqb0RRCk5aaTY2NnFMVDN6Z0ludDNyQW5n\nelNHZjNJZTJXbEVlN2xSNzBsQUV2WDAKLS0tIFBwRkpoWDIzMk5XRWh3dlRpbjR0\nbStON1RnbXprcXAwUm00aVExMVc2Q2sKdOrM7+UT5Bb6z5Rnv6EkVt8+aIEqWfOc\no2fc6d2F5ozmt/GS189dld8QWFvIY/RUQnRqm55txAip8NHynTt+0A==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
sops_lastmodified=2024-02-10T18:21:23Z
sops_mac=ENC[AES256_GCM,data:CAm7H/sbSnLD72uryZwK9rlu9ptTqBVMAvWjzI8PzzFx5PQHrkFKOmG73Sdao6Map1QMjM57g/q0DDxkL0tY3iW4X1kc3oUC4Ej4nj4/ZrjRiVpSA6Zs38gi4O30X7lr0iWK1DdD/wCMuo66ixJ5ol/0XBAUIUUUW7UxaTLptDM=,iv:bDvwwPoFeChslZgwnoSMPJzd9yY2Y6Tc8Gdyhxp9Fyk=,tag:BjUnCjdL9DNGg9sbyWOXAQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.7.3