keys:
- &admin_self age1ykfwuq666clqzxk4vjyjhtk29h7s3ztcu4ewfwgrq9kaxrmeapdqw0ec85
- &host_these age1qwdxl2jdwu2feee4ttlhr06682026gftt9n6cw9n6yxjsr2vzy7se389re
+ - &host_more age19us4npj5aw2wcfglxzt5l2aemc8n79k6chfflmfjk2h40y37p9aspwmumc
creation_rules:
- path_regex: secrets/[^/]+.yaml$
key_groups:
- age:
- *admin_self
- *host_these
+ - *host_more
--- /dev/null
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ../shared.nix ];
+
+ boot.initrd.availableKernelModules =
+ [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ # boot off an LVM pool named NixOS and lv named System
+ fileSystems."/" = {
+ device = "/dev/NixOS/System";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ networking.useDHCP = false;
+ networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # public IP
+ networking.interfaces.enp7s0.useDHCP =
+ lib.mkDefault true; # first internal network
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
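Review bot: The `../shared.nix` import at the top of this new hardware module appears to pull in the shared module shown further down the page, which sets `users.users.root.initialHashedPassword = "";`, so a machine built from this profile with a public interface (`enp1s0`) would start with an empty root password. SSH is limited by `PermitRootLogin = "prohibit-password"`, so the exposure is console login (for instance the provider's web console) until a password is set. If this is a deliberate bootstrap convenience, say so in a comment here and note when the account gets locked. Otherwise lock it for deployed hosts, e.g. `users.users.root.hashedPassword = "!";`.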
{ config, lib, pkgs, modulesPath, ... }:
{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./shared.nix ];
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ../shared.nix ];
boot.initrd.availableKernelModules =
[ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
swapDevices = [ ];
- time.timeZone = "America/Los_Angeles";
-
networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true; # public IP
networking.interfaces.ens10.useDHCP = true; # first internal network
--- /dev/null
+{ config, lib, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "10.0.0.2" = [ "these" ];
+ "10.0.0.4" = [ "more" ];
+ };
+}
{ config, lib, pkgs, ... }:
{
- imports = [
- ../secrets/keys
- ];
+ imports = [ ../secrets/keys ./hostnames.nix ];
# Initial empty root password for easy login:
users.users.root.initialHashedPassword = "";
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.enable = true;
+ time.timeZone = "America/Los_Angeles";
+
nix.gc = {
automatic = true;
options = "--delete-older-than 5d";
};
+ swapDevices = [{
+ device = "/var/lib/swapfile";
+ size = 4 * 1024;
+ }];
+
environment.systemPackages = [ pkgs.ssh-to-age ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
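Review bot: The new `swapDevices` entry creates a plain swap file at `/var/lib/swapfile`, so memory pages can reach disk unencrypted on hosts that also hold decrypted sops/age secrets (this commit adds `host_more` as a recipient). Consider adding `randomEncryption.enable = true;` to the entry, after confirming it works with a file-backed swap device on the NixOS release in use, or add a comment explaining why plaintext swap is acceptable here. Both hardware modules still declare `swapDevices = [ ];`, which should merge with this list rather than override it. A one-line comment such as `# swap file is defined in shared.nix` next to those declarations would avoid confusion.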
--- /dev/null
+{ pkgs, ... }:
+
+{
+ imports = [
+ ../../hardware/hetzner-cloud/cpx31.nix
+ ../../secrets
+ ../../maint-mode
+ ];
+
+ networking.hostName = "more";
+}
{
users.users = {
root.openssh.authorizedKeys.keyFiles = [ ./self_id_ed25519.pub ];
- git.openssh.authorizedKeys.keyFiles = [ ./self_id_ed25519.pub ];
};
}
--- /dev/null
+{ config, lib, pkgs, ... }:
+
+{
+ users.users = {
+ git.openssh.authorizedKeys.keyFiles = [ ./self_id_ed25519.pub ];
+ };
+}
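Review bot: The `git` account is authorised with `./self_id_ed25519.pub`, the same key file name that the sibling keys module accepts for `root`, so a single private key covers both the administrative and the git role. A dedicated key for `git` would limit what a leaked key can reach. If sharing is intentional, a comment such as `# same admin key as root; git access is admin-only` would record that. The `config`, `lib` and `pkgs` arguments are unused in this module, and the sibling file is a bare attribute set, so the function head could be dropped for consistency.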
- recipient: age1ykfwuq666clqzxk4vjyjhtk29h7s3ztcu4ewfwgrq9kaxrmeapdqw0ec85
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYnNxSFMwUFY5ZmtYSk1k
- ZVFLcVNQYXZYbFl0VDhBam1aeGtVTzUrdkhBCjFlTHpQU2ZiRjVhU2dTRmZJZVZL
- Z094ZEFzTEFyYlA0eU9GSXFCYWdRckEKLS0tIFpjdHlBMlFYLzZzTVdoekE5eXdU
- L3RYL0ZRKzdOMjJLVnJUTVlHaDBEUUkKyvlJ3mcJZ3U9iWIL4YLJDEtUCkz2Kmh2
- 2SF8Tz0gshOL8xBXeaoleXN2sHvnC5PqePvzu6Q8hs8iX81WxY+Nyw==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbmdEeEJUakRzY1dLSEFB
+ Nlh5QlRTdzlCamhLNDZ4bUl4Wm9kUEVrbkNZCmhPSTBsUTk0SHJ5bWhpZktNb2NF
+ bE83d2UvSk1BZ1JaemlCVkx1UFdTbkEKLS0tIDZMOTZDSWwzWlROWDdhM1hJUE41
+ QnVWQUFyVDhNWG5zZUV2Zmg3OHFBSm8Kv//fBjk+O5kH9FlYSB5Sk8nx7rFtcSqN
+ MSTATQzF+ZqXhS2Ssi6u2eeZDU0INr5u6QoOQO8dD8u98288z0XxXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qwdxl2jdwu2feee4ttlhr06682026gftt9n6cw9n6yxjsr2vzy7se389re
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhenJvaCszWHpoeUdJWWtY
- bTFSY2kxU0dCL2JvMXJQWHdpMGdaT0J4Z0hFCkJUNHVSd1A3MytJb1p3aVE2T0JF
- MkgzaDluVXdJV2ZJb2pITVBGTFlNOUkKLS0tIFdCU0V4MFh1elN0ZWEzVS9OcVNI
- NlNKT3g5dWlZckM0MTVwNVAzajU0YkEKyY98VzxcSz9NqaBsKV89Wegr+d0ZuzJH
- Yt5R1uCjeBHBNW3++qVRf2koWouPpMYa69eDrlRUkL0SkJXVC4QzqQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eXZLOWgvL1daK1hMMTl2
+ ZUxrb1RzRlhNU2tUcEN5NDlwLzArRVFZalVjClEybkZaNmlDVS93TG1HN0o3Szdh
+ ODJFWVd0MjZISFd6TEhsU1NwY283NzAKLS0tIGxhczE1aEtPcFFleHA2aDBKSVdM
+ OFJWQUJ0bFJ2dEdaK0c1Mkl0Si9RbzAK9uFXgbK1kVTPUP3LcTa0C6oAjHe22HeO
+ +ng7/moK/4cp+RZojBUl/s7auQ3E9pcj7qp8BFpdplM0ur7+qT/Xcw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age19us4npj5aw2wcfglxzt5l2aemc8n79k6chfflmfjk2h40y37p9aspwmumc
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWUtpMGtPVUJZZEQ0bEpX
+ OCtycmlIYWlhOHByR2pvdzNORFpQVGNqd1dVCnhhdEtKWlJrTGNvR3UzZTIyVUZr
+ WW5jdUVLaUJFdTFPU3pvdTMvcytxckUKLS0tIHAxdTEyZXNOY0dqQWhYYVl2RzJ5
+ RW13UEl1NEtza2NnTXY4YnFOY1d1QmsKxs+hTpa+s1jaG8T1tPo7FUtkEQA0WZpj
+ qjgrYGhFpg6dicovfkY6Ksyx4WXgw52GTMQZjyEo6FJObUvSF6TmGg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-29T10:57:55Z"
mac: ENC[AES256_GCM,data:cV3/ptlgCPM0G62bfxVJCW5xgx0rBsiaClifdFhPdqLbaJ2MpMCbujgw8RbX7RSKpq7tNMIrPaCvAmp5RQETd08FWnQbMjaKy2dDoQefYFspaDrv0atXU5ObXM37EEc2NMUgg/7U/JJPoeqUIBAOTyPA/Uf77HrY02LTxpW2Pwk=,iv:2C3RpLOo1ghkpygw9bWWX3JuSMJy2YHJZbLYJ1yLrmw=,tag:ZoLdrFEmM/ZFXLH1lV9vJA==,type:str]