janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: janezicmatej:36106c37fd3817d44b0947fc877eed05f6a48894
Branches Tags
janezicmatej:main
...
compare: janezicmatej:15d97fdd00922dc73378d8fe44a3f168f846c2bb
Branches Tags
janezicmatej:main

4 Commits
36106c37fd ... 15d97fdd00

Author SHA1 Message Date
Matej Janežič
15d97fdd00 merge: cube host 2026-03-30 01:03:10 +02:00
Matej Janežič
84524d59d8 chore: wire up sops for cube 2026-03-30 01:01:41 +02:00
Matej Janežič
c423050077 feat: add cube hardware configuration 2026-03-30 00:59:37 +02:00
Matej Janežič
e3b8bf5e48 feat: prepare initial cube host 2026-03-30 00:59:20 +02:00
4 changed files with 90 additions and 1 deletions
Expand all files Collapse all files

8
.sops.yaml
View File

@@ -5,6 +5,7 @@ keys:
- &tower age1frwe9fpt9vh969aqnggvq8pfypp6hl98guwfmgttucp7gr55r42sqy2t65 - &tower age1frwe9fpt9vh969aqnggvq8pfypp6hl98guwfmgttucp7gr55r42sqy2t65
- &fw16 age19qj2aaryx869cvcqp77gs9x5hcv4dqjxunkmyre78upsxda6ss7s5vquz4 - &fw16 age19qj2aaryx869cvcqp77gs9x5hcv4dqjxunkmyre78upsxda6ss7s5vquz4
- &floo age1hksdq2lc89thnpth49sw44f0pmkp950plrhhnttj4petvnfy04tsydz6fl - &floo age1hksdq2lc89thnpth49sw44f0pmkp950plrhhnttj4petvnfy04tsydz6fl
- &cube age1gqzdgnfl9d04pzg4dtwny3s4277jzpwqdck8wm7jenl30z00wslqrvy393
creation_rules: creation_rules:
# per-host secrets # per-host secrets
@@ -23,8 +24,13 @@ creation_rules:
- pgp: [*matej] - pgp: [*matej]
age: [*floo] age: [*floo]
- path_regex: ^secrets/cube\.yaml$
key_groups:
- pgp: [*matej]
age: [*cube]
# shared secrets (all hosts) # shared secrets (all hosts)
- path_regex: ^secrets/common\.yaml$ - path_regex: ^secrets/common\.yaml$
key_groups: key_groups:
- pgp: [*matej] - pgp: [*matej]
age: [*tower, *fw16, *floo] age: [*tower, *fw16, *floo, *cube]

11
flake/hosts.nix
View File

@@ -73,6 +73,17 @@ in
]; ];
}; };
cube = mkHost "cube" {
system = "x86_64-linux";
user = "matej";
features = [
"openssh"
"localisation"
"shell"
"tailscale"
];
};
# nix run github:nix-community/nixos-anywhere -- --flake .#floo root@<ip> # nix run github:nix-community/nixos-anywhere -- --flake .#floo root@<ip>
floo = mkHost "floo" { floo = mkHost "floo" {
system = "x86_64-linux"; system = "x86_64-linux";

41
hosts/cube/configuration.nix Normal file
View File

@@ -0,0 +1,41 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.disko ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
disko.devices.disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
localisation = {
timeZone = "Europe/Ljubljana";
defaultLocale = "en_US.UTF-8";
};
system.stateVersion = "25.11";
}

31
hosts/cube/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}