0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: 0xa:67c994a79dd77fc3d2cfd3b7162f380a0c311dd6
Branches Tags
0xa:main
0xa:sway
0xa:conduwuit
0xa:NTWRKMNGR
...
compare: 0xa:d61b1a26eb050323397328cf86b4a62f8eb9a6c6
Branches Tags
0xa:main
0xa:sway
0xa:conduwuit
0xa:NTWRKMNGR

3 commits
67c994a79d ... d61b1a26eb

Author SHA1 Message Date
Grisha Shipunov
d61b1a26eb deploy vm 2025-02-05 20:28:32 +00:00
Grisha Shipunov
c1352fdd88 add senpai 2025-02-05 21:29:30 +01:00
Grigory Shipunov
5e7e8b5574 add soju 2025-02-05 20:15:25 +00:00
7 changed files with 97 additions and 6 deletions
Show stats Expand all files Collapse all files

1
flake.nix
View file

@ -64,6 +64,7 @@
let let
microvm-list = [ microvm-list = [
"auth" "auth"
"conduwuit"
"forgejo" "forgejo"
"immich" "immich"
"miniflux" "miniflux"

1
hosts/cloud/default.nix
View file

@ -3,6 +3,7 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./irc.nix
./networking.nix ./networking.nix
./proxy ./proxy
]; ];

12
hosts/cloud/irc.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
services.soju = {
enable = true;
listen = [
"irc+insecure://10.89.87.1"
"irc+insecure://[fd31:185d:722e::1]"
];
};
environment.systemPackages = [ pkgs.soju ];
}

76
hosts/conduwuit/default.nix Normal file
View file

@ -0,0 +1,76 @@
{ config, lib, ... }:
let
mac = "02:00:00:00:00:06";
in
{
imports = [
];
# sops.defaultSopsFile = ./secrets.yaml;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# sops.secrets = {
# "wg/0xa-proxy" = {
# owner = config.users.users.systemd-network.name;
# };
# };
microvm = {
hypervisor = "qemu";
mem = 3 * 1024;
vcpu = 2;
interfaces = [
{
type = "tap";
id = "uvm-conduwuit";
mac = mac;
}
];
shares =
[
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "store";
proto = "virtiofs";
socket = "store.socket";
}
]
++ map
(dir: {
source = dir;
mountPoint = "/${dir}";
tag = dir;
proto = "virtiofs";
socket = "${dir}.socket";
})
[
"etc"
"var"
"home"
];
};
networking.useNetworkd = true;
networking.firewall.enable = lib.mkForce false; # firewalling done by the host
systemd.network = {
enable = true;
networks."11-host" = {
matchConfig.MACAddress = mac;
networkConfig = {
Address = "10.99.99.16/24";
DHCP = "no";
};
routes = [
{
Gateway = "10.99.99.1";
Destination = "0.0.0.0/0";
Metric = 1024;
}
];
};
};
networking.hostName = "conduwuit";
system.stateVersion = "24.11";
}

2
hosts/toaster/default.nix
View file

@ -3,7 +3,7 @@
imports = [ imports = [
./amd.nix ./amd.nix
./hardware-configuration.nix ./hardware-configuration.nix
# ./irc.nix ./irc.nix
./network ./network
./secure-boot.nix ./secure-boot.nix
./zfs.nix ./zfs.nix

4
hosts/toaster/irc.nix
View file

@ -3,8 +3,8 @@
environment.systemPackages = [ pkgs.senpai ]; environment.systemPackages = [ pkgs.senpai ];
sops.secrets = { sops.secrets = {
"irc/senpai" = { "senpai" = {
owner = config.users.users.grue.name; owner = config.users.users."0xa".name;
}; };
}; };
} }

7
hosts/toaster/secrets.yaml
View file

@ -8,6 +8,7 @@ mail:
shipunov.xyz: ENC[AES256_GCM,data:cg+P+FrZ2icjfhwDGKGyUH9DejSZHpNs2bcSBPyz8g==,iv:XZFaSXnGmTL9j2sEyt5Q7+pe6rr+WA/0UGq/2Gl5DTI=,tag:oq+5EuJWJKwK3h0/e6Uozw==,type:str] shipunov.xyz: ENC[AES256_GCM,data:cg+P+FrZ2icjfhwDGKGyUH9DejSZHpNs2bcSBPyz8g==,iv:XZFaSXnGmTL9j2sEyt5Q7+pe6rr+WA/0UGq/2Gl5DTI=,tag:oq+5EuJWJKwK3h0/e6Uozw==,type:str]
dvb.solutions: ENC[AES256_GCM,data:GSjPIPA5TGMWfhdRzTsiHPfXFVGLVSpJvJG+I++i,iv:EBlk00wqADCuYTzuVcuX9kSn6TVBfN12UlcXyps6TtE=,tag:G7rKTngN4v2FtuhQEMdUQQ==,type:str] dvb.solutions: ENC[AES256_GCM,data:GSjPIPA5TGMWfhdRzTsiHPfXFVGLVSpJvJG+I++i,iv:EBlk00wqADCuYTzuVcuX9kSn6TVBfN12UlcXyps6TtE=,tag:G7rKTngN4v2FtuhQEMdUQQ==,type:str]
tlm.solutions: ENC[AES256_GCM,data:ncTMh/jw+YmcmcVU/c1I36vV1CwtmtYwfyDUx9w9,iv:vPnmdvDnEJ9FF4rDkSfPnLWebleSgI/yG7qOgJfq5ic=,tag:z4w4LOGf2v0TBSxrHULBsw==,type:str] tlm.solutions: ENC[AES256_GCM,data:ncTMh/jw+YmcmcVU/c1I36vV1CwtmtYwfyDUx9w9,iv:vPnmdvDnEJ9FF4rDkSfPnLWebleSgI/yG7qOgJfq5ic=,tag:z4w4LOGf2v0TBSxrHULBsw==,type:str]
senpai: ENC[AES256_GCM,data:nLMlw+Gw5p9pcyElvHy/d+GV0/dbTj3+Et+lzBs1YEUcsYT2lM7sN+5+4PEF6weJgHUreTl007fh8+FO8S+mUg==,iv:+5szUWaARn93RTQvY13JGn2zJ3y8iyjv09i3KtbhaTQ=,tag:OsD4IoRv8wGuUbEnsld7Dg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -23,8 +24,8 @@ sops:
bDRBWjJJSDl3bDkxenR1S2NMZW91dW8Kzhc/6HeEJfLGDaKdRSbpaMdR7XaBxdQI bDRBWjJJSDl3bDkxenR1S2NMZW91dW8Kzhc/6HeEJfLGDaKdRSbpaMdR7XaBxdQI
jnAySJCGsXxCPebRtCIdDnoLjdqdzEggEhRh27JOpeOiEukLmakPMA== jnAySJCGsXxCPebRtCIdDnoLjdqdzEggEhRh27JOpeOiEukLmakPMA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-11T01:25:11Z" lastmodified: "2025-02-05T19:41:58Z"
mac: ENC[AES256_GCM,data:Y11oSAhVwjYkuONxlWFKRTswaCMsj6/61HQgEZ9tKOxHK0mfx6CiJGqNKud7XDAebmqB3uIYNJ8zYKvM2D0+vLBp5Kk+bQX0tNXf1HXVJPYzE1GA+Wg5ZKYM5HZ339XiEEBZEbTU+ptMw2YO9mhDxYA6UnPPQ2IHNPgB/yrgfxM=,iv:iHERfH1sf35DgFYr6FkwxRxnF+qppWOqw1XJ/rJi3DU=,tag:L09jwVXKzSnACp2TSpEV2w==,type:str] mac: ENC[AES256_GCM,data:5u2hJYMHwpFd5fcHXKzOblHfgnRTjNIEL+glBsHct3xZ+G1APQg9WdgZbRWc+ypdYPFfhqXKV9RBl/UHtFEyljL7JQV0U8EfumP1WNjPaMgnWftm5qLOe0PxmrPbwsYYBdotO9GVoplghrNd1euvMsxd3F+YtU+MnY+u4dcr4C8=,iv:A61rDNajtU/NOqcemmCN348STdMI9qqPRvdd6n/EuKg=,tag:Y1zi86LNX1xlXpjbslmRAA==,type:str]
pgp: pgp:
- created_at: "2025-01-02T22:57:16Z" - created_at: "2025-01-02T22:57:16Z"
enc: |- enc: |-
@ -47,4 +48,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.4