Add configuration for amon

2025-05-29 22:36:10 +02:00 · 2023-04-24 12:28:23 +02:00 · 2023-04-24 12:28:23 +02:00 · 413b12b4e1
commit 413b12b4e1
parent ff459f51a4
6 changed files with 113 additions and 16 deletions
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@ -2,6 +2,7 @@ keys:
  - &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
  - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
  - &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
+  - &target_amon age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
 creation_rules:
  - path_regex: kevin-tp/secrets/[^/]+\.yaml$
    key_groups:
@ -13,9 +14,15 @@ creation_rules:
    - age:
      - *admin_kevin
      - *target_kevin-pc
+  - path_regex: amon/secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *admin_kevin
+      - *target_amon
  - path_regex: shared/secrets/[^/]+\.yaml$
    key_groups:
    - age:
      - *admin_kevin
      - *target_kevin-tp
      - *target_kevin-pc
+      - *target_amon
--- a/nixos/amon/configuration.nix
+++ b/nixos/amon/configuration.nix
@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      
+    ];
+    
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "amon";
+  networking.domain = "srv.1in9.net";
+  
+  time.timeZone = "Europe/Berlin";
+  
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "de";
+  };
+
+  users.users.kevin = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    curl
+    htop
+    git
+  ];
+
+  system.stateVersion = "22.11"; # No touchy.
+
+}
--- a/nixos/amon/hardware-configuration.nix
+++ b/nixos/amon/hardware-configuration.nix
@ -0,0 +1,34 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/adee2255-4c88-40ca-a0d4-54159014f901";
+      fsType = "btrfs";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/12c485e2-a8ef-45c3-8bdc-ba7b57551a2f"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nixos/flake-module.nix
+++ b/nixos/flake-module.nix
@ -51,5 +51,11 @@ in
        ./kevin-pc/configuration.nix
      ];
    };
+    amon = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = defaultModules ++ [
+        ./amon/configuration.nix
+      ];
+    };
  };
 }
--- a/nixos/modules/mullvad.nix
+++ b/nixos/modules/mullvad.nix
@ -1,4 +1,5 @@
 {pkgs, ...}:
 {
  services.mullvad-vpn.enable = true;
+  services.mullvad-vpn.enableExcludeWrapper = false;
 }
--- a/nixos/shared/secrets/passwords.yaml
+++ b/nixos/shared/secrets/passwords.yaml
@ -8,29 +8,38 @@ sops:
        - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeVQyZi9vWjk2WW4xK3Vy
-            V04zVTAweHFrZW9XZHZ3ZkZsRmJMUGhPMGo4Cjc5MkZDMFo1ZHJaRzlqTWNSYVBQ
-            QVF3NDZ5RGRwYmJRWW9HUm1OS0M4TlUKLS0tIEozelFXWUdta3E3WU43dERmTGxP
-            YkZoSlliblVGKzUzQUtQRmJlbytnb2cKnY+6xKzKfCr+9UzEL+ELd8bnbIqjIjaJ
-            9El1Ch8H6Z0Wv0VU3mop3++2ljs62Y7K4qgRvMnADP5wX7VE6ThtPg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbndqVUZPNUdWOE1NQUd6
+            ZWZMTG1DQTlHRStPK3FKTnRBdmtUQlZHNUM4CmtIbENwTkFDb0N3dlRnaFJHLzFa
+            bUlBU3dVWlZ1a00xb21YTm9LU2xZazAKLS0tIEQ5NmVTampweFN5SnhNZWUvOWxQ
+            Q0VadWFoUDA4ZXJoVVdXNVRiTURLOU0KotulBGPQ8CDKzXAt1Mpx0QH3OPLiEoXD
+            j9VhFgbsZVaICdZvSpf7t9QBrxESEgdEQViWmD2q4QjyY+n3/xSwQw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1BsaUx2OWE3eUx5ckVs
-            SDM5WGV6UTZoMk01YUcySEZORXh0ZUZ4VUVRCmxNNFVhRWVBcTVHTDcxZE5XbGVO
-            akZQYXllSnQ3U0k4ZUJZSTNTSlJYNFUKLS0tIFczVGdCdEIzUEJtRFZ0MVFvRzZV
-            czNKcGxDNXlqcVB1bkZ5K2VCR3FvcFUKug+0PR4p5e87WdFHtpYbvjph4H5vftz9
-            D7YnwbMqwGAHoNBwE9zsxl6KPinql+DCpZBd4O8P4jwQ3pvu/rLoiQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJakhtTk9FaEI4Yll4NXlN
+            Q2UwQTJvNXF3ODJQZmsrbHBsb3Vja2xwV3g0CkFDUDhXb2FyajRaZkpLdVFFMkhN
+            SVlLSkpnd3JmWXVJeWNaRnhtR0xqazQKLS0tIGw0SzlNcm5VdFdwSkZmdmNkZC8v
+            aUVLTjJCTVEvOHl2ZmxyL2psQ2tNSnMKDfpJX3YOpuueoJGhha1Cdei5kRnbP/Nx
+            ZWXQ4VvXhVg0SCKhZcmW7on5sCBexe1P6JDxnkD0EfULmbgnQ8DmWg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRmkvSHFaaFV1eGVpd1Jr
-            dUh2UWUxdmVIQVFJKzNab0N0djg5Wi92VjFnClRvMDBiVUNHeWtNUHdJazJxR2lB
-            MS9OZTNiTlFCZG1tWFdoSGZRV2hRZTQKLS0tIHBIbXBZVzJkYzUvTVFpMDd2d0x3
-            dGZQQUdxVUN4d3NVVlVMbmt1SnJTQ1kKbzh0vaSeAxUPdj3fLpZFm3APsFwE+i7C
-            ZzT89bMLeYw9q7FSwLluHR3yfMJanFObpoAs0mH5xFZVad+D5h9GcQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVkZqYk5ZM0E2NEdJMmEw
+            RXZIcURlWkFPVjBzcUw5YUFTMUZ5d1B2ZkZZCmxHYmJ2MDZ2czVveWtkZXRZSDRC
+            WmtKME5ybWtxakd0cS9GWmV6SGpYRmsKLS0tIDcwMDdtUUhyNG9oRGtpSXZ1UU01
+            WjRiL2pBbnFtVk9DN3BTUzFjSXdXUjgK7dYmDHt7879OhKC+YSq0DDa1+NSw18WV
+            XKUZRT86UU4PoV5BKZLA2zensom7hfy5BkY69Gu/mfFuUVvCcVeGHA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NWJMNlcvakxMblFyRnRM
+            bWg0YXdRYkxMN2pUL1NwU3E5T042VW5jcEF3Cmg5UTVDaHovVmRvdVlWMEIrNm1N
+            Wk1KcEJwQk9lYjRFY0dhY1JWMkhvMGsKLS0tIDJWMStITVoxNW1XSGR5Y2lFUVd0
+            NTU4WHpkSVpJTkNxZks4TUFwbFhWaGMKdkthdQSkJufz7+KBTok1TTyDS57AYIKz
+            f21wyhY0UDZM9Ncacw5arD1v/6huWvTWmxYuuSdAyblZrLjoeXJnKg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-02-28T18:31:14Z"
    mac: ENC[AES256_GCM,data:iBl26uWB1vRzXoSklSDpgb1n6xDyFo9BvI5Hyq2eBcRuPWltNBO/WM78UBDqWf4YvtQl4cZ3ccHpV3tWe3vwnMlFhzOactsR29LZl7/7QX9+w6cXhEvKJ8/hGlKkKo2dOmyuUwn36MlJOSZlVjvU1V1JSH1LL6xEdbh0UMzeQvM=,iv:RN+GeAToEHaNegfj+wpC+c9Rz0gqhDxJl+EbEvOsyYM=,tag:gFoUcn/Wn15YLff0a8rw3w==,type:str]