diff --git a/.sops.yaml b/.sops.yaml
index 0e61173..1efdf3c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,7 @@
 keys:
 - &admin_oxa DD0998E6CDF294537FC604F991FA5E5BF9AA901C
 - &toaster age1qyj95tsntreefqeetawqy5pf26456s9c0v3tzz8yzs706c0jsg6qv56jzk
+ - &cloud age1j3xpuuqaph5z885er90mftfsu6g3hw4q469k37a3veqktwntzdpqgue4z5
 creation_rules:
 - path_regex: secrets/toaster/[^/]+\.yaml$
 key_groups:
@@ -8,3 +9,9 @@ creation_rules:
 - *admin_oxa
 age:
 - *toaster
+ - path_regex: secrets/cloud/[^/]+\.yaml$
+ key_groups:
+ - pgp:
+ - *admin_oxa
+ age:
+ - *cloud
diff --git a/flake.nix b/flake.nix
index d57e5ee..4e6de69 100644
--- a/flake.nix
+++ b/flake.nix
@@ -34,12 +34,12 @@
 outputs = inputs@{ self
 , flake-utils
+ , lanzaboote
 , microvm
+ , nixos-hardware
 , nixpkgs-stable
 , nixpkgs-unstable
 , sops-nix
- , nixos-hardware
- , lanzaboote
 , ...
 }:
@@ -68,6 +68,15 @@
 ./modules/chromium.nix
 ];
 };
+ cloud = nixpkgs-stable.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ moudles = [
+ sops-nix.nixosModules.sops
+
+ ./hosts/cloud
+ ];
+ };
 };
 };
 }
diff --git a/hosts/cloud/configuration.nix b/hosts/cloud/configuration.nix
new file mode 100644
index 0000000..470f9aa
--- /dev/null
+++ b/hosts/cloud/configuration.nix
@@ -0,0 +1,14 @@
+{ ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix # generated at runtime by nixos-infect
+ ];
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "cloud";
+ networking.domain = "oxapentane.com";
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK'' ];
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/cloud/default.nix b/hosts/cloud/default.nix
new file mode 100644
index 0000000..adac89e
--- /dev/null
+++ b/hosts/cloud/default.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+ imports= [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ./networking.nix
+ ];
+}
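Review bot: `moudles = [` in the new `cloud` attribute of flake.nix is a misspelling of the `modules` argument that `lib.nixosSystem` expects, so as written the cloud system would not pick up `sops-nix.nixosModules.sops` or `./hosts/cloud` and evaluation of that configuration is likely to fail; the fix is `modules = [`. The first flake.nix hunk only reorders the `outputs` inputs and needs nothing. The enclosing `nixosConfigurations` attribute set starts outside the hunk.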
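Review bot: `services.openssh.enable = true;` in hosts/cloud/configuration.nix turns on sshd with the NixOS defaults, which keep password authentication enabled, although this host is provisioned with only a root authorized key; add `services.openssh.settings.PasswordAuthentication = false;` and make the root policy explicit with `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The comment `# generated at runtime by nixos-infect` next to `./networking.nix` is misleading now that the file is checked in; consider `# originally generated by nixos-infect, now tracked in this repo`. In hosts/cloud/default.nix the imports of `./hardware-configuration.nix` and `./networking.nix` repeat the ones in configuration.nix; the module system deduplicates path imports so this is harmless, but one of the two lists should own them.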
diff --git a/hosts/cloud/hardware-configuration.nix b/hosts/cloud/hardware-configuration.nix
new file mode 100644
index 0000000..5e7b44e
--- /dev/null
+++ b/hosts/cloud/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+}
diff --git a/hosts/cloud/networking.nix b/hosts/cloud/networking.nix
new file mode 100644
index 0000000..f219659
--- /dev/null
+++ b/hosts/cloud/networking.nix
@@ -0,0 +1,33 @@
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [ "2a01:4ff:ff00::add:1"
+ "2a01:4ff:ff00::add:2"
+ "185.12.64.1"
+ ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address="188.245.196.27"; prefixLength=32; }
+ ];
+ ipv6.addresses = [
+ { address="2a01:4f8:c17:7f8a::1"; prefixLength=64; }
+{ address="fe80::9400:3ff:fef6:132d"; prefixLength=64; }
+ ];
+ ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
+ ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:03:f6:13:2d", NAME="eth0"
+ '';
+}
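Review bot: `boot.loader.grub.device = "/dev/sda";` and `fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };` in hosts/cloud/hardware-configuration.nix pin the boot and root devices to kernel enumeration names, which can change if the VM is given another disk or a different controller; the usual form for the root filesystem is `device = "/dev/disk/by-uuid/<ROOT-UUID>";` with the UUID taken from the running host. The file looks nixos-infect generated, so this may be deliberate, but running `nixos-generate-config` on the host would produce the by-uuid form and can be copied in.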