From e3b8bf5e48540a7a9297f197f319ea6ab712f623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Mon, 30 Mar 2026 00:59:20 +0200 Subject: [PATCH 1/3] feat: prepare initial cube host --- flake/hosts.nix | 11 ++++++++++ hosts/cube/configuration.nix | 41 ++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 hosts/cube/configuration.nix diff --git a/flake/hosts.nix b/flake/hosts.nix index aca1f2d..96fe161 100644 --- a/flake/hosts.nix +++ b/flake/hosts.nix @@ -73,6 +73,17 @@ in ]; }; + cube = mkHost "cube" { + system = "x86_64-linux"; + user = "matej"; + features = [ + "openssh" + "localisation" + "shell" + "tailscale" + ]; + }; + # nix run github:nix-community/nixos-anywhere -- --flake .#floo root@ floo = mkHost "floo" { system = "x86_64-linux"; diff --git a/hosts/cube/configuration.nix b/hosts/cube/configuration.nix new file mode 100644 index 0000000..98d9f67 --- /dev/null +++ b/hosts/cube/configuration.nix @@ -0,0 +1,41 @@ +{ inputs, ... }: +{ + imports = [ inputs.disko.nixosModules.disko ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + esp = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + + localisation = { + timeZone = "Europe/Ljubljana"; + defaultLocale = "en_US.UTF-8"; + }; + + system.stateVersion = "25.11"; +} From c423050077240fe3e72247fbd31b544860cd34fb Mon Sep 17 00:00:00 2001 
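Review bot: In hosts/cube/configuration.nix the `esp` filesystem is mounted at `/boot` with no mount options, so the vfat partition gets default permissions and the systemd-boot random seed stored there is likely world-readable (bootctl warns about exactly this); adding `mountOptions = [ "umask=0077" ];` next to `mountpoint = "/boot";` closes it. The `root` partition is plain ext4 with no LUKS layer, so any host private key kept on disk, presumably including the one behind the cube age recipient added later in this series, is readable by anyone with physical access to the drive. If that matters for this machine, disko's `luks` content type can wrap the filesystem. `device = "/dev/nvme0n1"` also depends on enumeration order, and a `/dev/disk/by-id/<DISK_ID>` path would make sure disko formats the intended disk.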
From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Mon, 30 Mar 2026 00:59:37 +0200 Subject: [PATCH 2/3] feat: add cube hardware configuration --- hosts/cube/hardware-configuration.nix | 31 +++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 hosts/cube/hardware-configuration.nix diff --git a/hosts/cube/hardware-configuration.nix b/hosts/cube/hardware-configuration.nix new file mode 100644 index 0000000..edda651 --- /dev/null +++ b/hosts/cube/hardware-configuration.nix @@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 84524d59d8b8c3e083122d689034719c1306200e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Mon, 30 Mar 2026 01:01:41 +0200 Subject: [PATCH 3/3] chore: wire up sops for cube --- .sops.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index c2c129b..2e6c625 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,6 +5,7 @@ keys: - &tower age1frwe9fpt9vh969aqnggvq8pfypp6hl98guwfmgttucp7gr55r42sqy2t65 - &fw16 age19qj2aaryx869cvcqp77gs9x5hcv4dqjxunkmyre78upsxda6ss7s5vquz4 - &floo age1hksdq2lc89thnpth49sw44f0pmkp950plrhhnttj4petvnfy04tsydz6fl + - &cube age1gqzdgnfl9d04pzg4dtwny3s4277jzpwqdck8wm7jenl30z00wslqrvy393 creation_rules: # per-host secrets 
@@ -23,8 +24,13 @@ creation_rules: - pgp: [*matej] age: [*floo] + - path_regex: ^secrets/cube\.yaml$ + key_groups: + - pgp: [*matej] + age: [*cube] + # shared secrets (all hosts) - path_regex: ^secrets/common\.yaml$ key_groups: - pgp: [*matej] - age: [*tower, *fw16, *floo] + age: [*tower, *fw16, *floo, *cube]
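Review bot: Adding `*cube` to the `^secrets/common\.yaml$` rule only changes which recipients sops uses the next time that file is created or re-keyed, and this patch touches `.sops.yaml` alone (1 file changed). The existing `secrets/common.yaml` is therefore presumably still encrypted without the cube recipient, and the new host will fail to decrypt it until `sops updatekeys secrets/common.yaml` is run and the result committed. The same line also lets the cube host key decrypt every shared secret, so it is worth confirming that everything in the common file is needed on this host; if not, a narrower shared file keeps the exposure from a single compromised host smaller. A short comment above the `&cube` anchor in the first hunk saying where the recipient was derived from (for example the host's SSH key or a dedicated age key) would make later rotation easier.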