From 413b12b4e1f8933b187f524f999a585cd80bcc70 Mon Sep 17 00:00:00 2001
From: Kevin Kandlbinder
Date: Mon, 24 Apr 2023 12:28:23 +0200
Subject: [PATCH] Add configuration for amon
---
nixos/.sops.yaml | 9 +++++-
nixos/amon/configuration.nix | 40 +++++++++++++++++++++++++++
nixos/amon/hardware-configuration.nix | 34 +++++++++++++++++++++++
nixos/flake-module.nix | 6 ++++
nixos/modules/mullvad.nix | 1 +
nixos/shared/secrets/passwords.yaml | 39 ++++++++++++++++----------
6 files changed, 113 insertions(+), 16 deletions(-)
create mode 100644 nixos/amon/configuration.nix
create mode 100644 nixos/amon/hardware-configuration.nix
diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml
index 03ad3c1..ee1d3ca 100644
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@@ -2,6 +2,7 @@ keys:
 - &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
 - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
 - &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
+ - &target_amon age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
 creation_rules:
 - path_regex: kevin-tp/secrets/[^/]+\.yaml$
 key_groups:
@@ -13,9 +14,15 @@ creation_rules:
 - age:
 - *admin_kevin
 - *target_kevin-pc
+ - path_regex: amon/secrets/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *admin_kevin
+ - *target_amon
 - path_regex: shared/secrets/[^/]+\.yaml$
 key_groups:
 - age:
 - *admin_kevin
 - *target_kevin-tp
- - *target_kevin-pc
\ No newline at end of file
+ - *target_kevin-pc
+ - *target_amon
\ No newline at end of file
diff --git a/nixos/amon/configuration.nix b/nixos/amon/configuration.nix
new file mode 100644
index 0000000..5ea0511
--- /dev/null
+++ b/nixos/amon/configuration.nix
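Review bot: In nixos/.sops.yaml the last hunk adds `*target_amon` to the `shared/secrets/[^/]+\.yaml$` rule, so the new host's age key becomes a recipient of every shared secret, and the passwords.yaml hunk later in this patch re-wraps that file for it. amon is defined elsewhere in the patch as a QEMU guest under srv.1in9.net, which gives it a different exposure from kevin-tp and kevin-pc; a compromise of that VM would then disclose the same password material the workstations use. If amon only needs a subset, keep it out of the shared rule and put what it needs under `amon/secrets/` (the rule added just above), or split the shared path into separate workstation and server rules. Whichever is chosen, a comment on the shared rule such as `# every host listed here can decrypt all files under shared/secrets/` would make the trust decision visible.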
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+
+ networking.hostName = "amon";
+ networking.domain = "srv.1in9.net";
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ users.users.kevin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ curl
+ htop
+ git
+ ];
+
+ system.stateVersion = "22.11"; # No touchy.
+
+}
\ No newline at end of file
diff --git a/nixos/amon/hardware-configuration.nix b/nixos/amon/hardware-configuration.nix
new file mode 100644
index 0000000..624ef3d
--- /dev/null
+++ b/nixos/amon/hardware-configuration.nix
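Review bot: `users.users.kevin` in the new nixos/amon/configuration.nix is a wheel member, but the file declares no login credential and no SSH policy: there is no `openssh.authorizedKeys.keys`, no password source and no `services.openssh` setting. These may come from `defaultModules` in flake-module.nix, which is not visible here; if they do not, the host is either unreachable or depends on state set by hand outside the flake. For a server I would pin this in the host file, e.g. `users.users.kevin.openssh.authorizedKeys.keys = [ "<admin public key>" ];`, and disable SSH password authentication using the option name that matches the nixpkgs release in use. A one-line comment stating where the account's credentials are defined would also help.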
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/adee2255-4c88-40ca-a0d4-54159014f901";
+ fsType = "btrfs";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/12c485e2-a8ef-45c3-8bdc-ba7b57551a2f"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
\ No newline at end of file
diff --git a/nixos/flake-module.nix b/nixos/flake-module.nix
index 4fe324a..8101578 100644
--- a/nixos/flake-module.nix
+++ b/nixos/flake-module.nix
@@ -51,5 +51,11 @@ in
 ./kevin-pc/configuration.nix
 ];
 };
+ amon = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = defaultModules ++ [
+ ./amon/configuration.nix
+ ];
+ };
 };
 }
\ No newline at end of file
diff --git a/nixos/modules/mullvad.nix b/nixos/modules/mullvad.nix
index 9b739b3..69b1af1 100644
--- a/nixos/modules/mullvad.nix
+++ b/nixos/modules/mullvad.nix
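Review bot: The `amon` entry in nixos/flake-module.nix reuses `defaultModules` unchanged, the same list the kevin-pc entry above it appears to use. The list's definition is outside this hunk, so this is inferred, but if it includes workstation-oriented modules (modules/mullvad.nix is edited in this same patch) the server will carry services it does not need. Consider splitting it into a base list and a workstation list and using only the base here, e.g. `modules = baseModules ++ [ ./amon/configuration.nix ];`, where `baseModules` is a name that would have to be introduced.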
@@ -1,4 +1,5 @@ {pkgs, ...}: { services.mullvad-vpn.enable = true; + services.mullvad-vpn.enableExcludeWrapper = false; } diff --git a/nixos/shared/secrets/passwords.yaml b/nixos/shared/secrets/passwords.yaml index c6b9d49..8d85f48 100644 --- a/nixos/shared/secrets/passwords.yaml +++ b/nixos/shared/secrets/passwords.yaml 
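Review bot: `services.mullvad-vpn.enableExcludeWrapper = false;` in nixos/modules/mullvad.nix is added without a comment and applies to every host that imports this module, not only amon; the commit subject does not mention it. As far as I know this option controls whether the setuid `mullvad-exclude` wrapper is installed, so turning it off reduces privileged surface, but the reason should be recorded next to the setting. Suggested comment above the line, to be adjusted to the actual motivation: `# mullvad-exclude is not used on these hosts; do not install its setuid wrapper`.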
@@ -8,29 +8,38 @@ sops: - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeVQyZi9vWjk2WW4xK3Vy - V04zVTAweHFrZW9XZHZ3ZkZsRmJMUGhPMGo4Cjc5MkZDMFo1ZHJaRzlqTWNSYVBQ - QVF3NDZ5RGRwYmJRWW9HUm1OS0M4TlUKLS0tIEozelFXWUdta3E3WU43dERmTGxP - YkZoSlliblVGKzUzQUtQRmJlbytnb2cKnY+6xKzKfCr+9UzEL+ELd8bnbIqjIjaJ - 9El1Ch8H6Z0Wv0VU3mop3++2ljs62Y7K4qgRvMnADP5wX7VE6ThtPg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbndqVUZPNUdWOE1NQUd6 + ZWZMTG1DQTlHRStPK3FKTnRBdmtUQlZHNUM4CmtIbENwTkFDb0N3dlRnaFJHLzFa + bUlBU3dVWlZ1a00xb21YTm9LU2xZazAKLS0tIEQ5NmVTampweFN5SnhNZWUvOWxQ + Q0VadWFoUDA4ZXJoVVdXNVRiTURLOU0KotulBGPQ8CDKzXAt1Mpx0QH3OPLiEoXD + j9VhFgbsZVaICdZvSpf7t9QBrxESEgdEQViWmD2q4QjyY+n3/xSwQw== -----END AGE ENCRYPTED FILE----- - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1BsaUx2OWE3eUx5ckVs - SDM5WGV6UTZoMk01YUcySEZORXh0ZUZ4VUVRCmxNNFVhRWVBcTVHTDcxZE5XbGVO - akZQYXllSnQ3U0k4ZUJZSTNTSlJYNFUKLS0tIFczVGdCdEIzUEJtRFZ0MVFvRzZV - czNKcGxDNXlqcVB1bkZ5K2VCR3FvcFUKug+0PR4p5e87WdFHtpYbvjph4H5vftz9 - D7YnwbMqwGAHoNBwE9zsxl6KPinql+DCpZBd4O8P4jwQ3pvu/rLoiQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJakhtTk9FaEI4Yll4NXlN + Q2UwQTJvNXF3ODJQZmsrbHBsb3Vja2xwV3g0CkFDUDhXb2FyajRaZkpLdVFFMkhN + SVlLSkpnd3JmWXVJeWNaRnhtR0xqazQKLS0tIGw0SzlNcm5VdFdwSkZmdmNkZC8v + aUVLTjJCTVEvOHl2ZmxyL2psQ2tNSnMKDfpJX3YOpuueoJGhha1Cdei5kRnbP/Nx + ZWXQ4VvXhVg0SCKhZcmW7on5sCBexe1P6JDxnkD0EfULmbgnQ8DmWg== -----END AGE ENCRYPTED FILE----- - recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRmkvSHFaaFV1eGVpd1Jr - dUh2UWUxdmVIQVFJKzNab0N0djg5Wi92VjFnClRvMDBiVUNHeWtNUHdJazJxR2lB - MS9OZTNiTlFCZG1tWFdoSGZRV2hRZTQKLS0tIHBIbXBZVzJkYzUvTVFpMDd2d0x3 - 
dGZQQUdxVUN4d3NVVlVMbmt1SnJTQ1kKbzh0vaSeAxUPdj3fLpZFm3APsFwE+i7C - ZzT89bMLeYw9q7FSwLluHR3yfMJanFObpoAs0mH5xFZVad+D5h9GcQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVkZqYk5ZM0E2NEdJMmEw + RXZIcURlWkFPVjBzcUw5YUFTMUZ5d1B2ZkZZCmxHYmJ2MDZ2czVveWtkZXRZSDRC + WmtKME5ybWtxakd0cS9GWmV6SGpYRmsKLS0tIDcwMDdtUUhyNG9oRGtpSXZ1UU01 + WjRiL2pBbnFtVk9DN3BTUzFjSXdXUjgK7dYmDHt7879OhKC+YSq0DDa1+NSw18WV + XKUZRT86UU4PoV5BKZLA2zensom7hfy5BkY69Gu/mfFuUVvCcVeGHA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NWJMNlcvakxMblFyRnRM + bWg0YXdRYkxMN2pUL1NwU3E5T042VW5jcEF3Cmg5UTVDaHovVmRvdVlWMEIrNm1N + Wk1KcEJwQk9lYjRFY0dhY1JWMkhvMGsKLS0tIDJWMStITVoxNW1XSGR5Y2lFUVd0 + NTU4WHpkSVpJTkNxZks4TUFwbFhWaGMKdkthdQSkJufz7+KBTok1TTyDS57AYIKz + f21wyhY0UDZM9Ncacw5arD1v/6huWvTWmxYuuSdAyblZrLjoeXJnKg== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-02-28T18:31:14Z" mac: ENC[AES256_GCM,data:iBl26uWB1vRzXoSklSDpgb1n6xDyFo9BvI5Hyq2eBcRuPWltNBO/WM78UBDqWf4YvtQl4cZ3ccHpV3tWe3vwnMlFhzOactsR29LZl7/7QX9+w6cXhEvKJ8/hGlKkKo2dOmyuUwn36MlJOSZlVjvU1V1JSH1LL6xEdbh0UMzeQvM=,iv:RN+GeAToEHaNegfj+wpC+c9Rz0gqhDxJl+EbEvOsyYM=,tag:gFoUcn/Wn15YLff0a8rw3w==,type:str]