From 55aaa99f27b2578100fd3965332cef285cc425a4 Mon Sep 17 00:00:00 2001 From: uku Date: Sun, 1 Sep 2024 17:32:09 +0200 Subject: [PATCH] feat(systems): add mottarone --- secrets/mottarone/rootPassword.age | 12 +++++ secrets/secrets.nix | 4 +- secrets/shared/tailscaleKey.age | 26 ++++++----- secrets/shared/userPassword.age | 26 ++++++----- systems/default.nix | 5 +++ systems/mottarone/default.nix | 1 + systems/mottarone/hardware-configuration.nix | 46 ++++++++++++++++++++ 7 files changed, 95 insertions(+), 25 deletions(-) create mode 100644 secrets/mottarone/rootPassword.age create mode 100644 systems/mottarone/default.nix create mode 100644 systems/mottarone/hardware-configuration.nix diff --git a/secrets/mottarone/rootPassword.age b/secrets/mottarone/rootPassword.age new file mode 100644 index 0000000..b98c27b --- /dev/null +++ b/secrets/mottarone/rootPassword.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoL1RxdEw2dm10RTV5cWtY +OW5PdlZ2YWZlVEg5Tkt6dnZsblVUWUprKzNjCmpBZjl0RnoxZmZTUjhla2h1dVB3 +bTJKeXoxNU1CN2dRQjM5NzNCdVdVWDgKLT4gWDI1NTE5IHpoeHJRRUQ4TGFnUUV6 +YUVOeVBVMHZ1MWRGc3dBM2lDaDA0cDhxQitta2sKZnBWQ0E0aVI2VjZhS3VoQU5J +Y2tua1h2MzlQNmQ1UnR2ZTd4TGVpcTZmYwotPiBYMjU1MTkgTDZ3U3l6Um5YSmFo +NUY5MXJ6TThXZ25PQll0MGRvS25Ha08vUm9nRlprYwo1amhlMGJiY1NQTWxBVVZP +Y1I5aGV5QVBHNXBqTmNwQll3WENUNGhVbDVZCi0tLSBJNUROUnN3MXFrT2RZM213 +MG4wdDh1QkhqRUc0ZFdnSlBOVW9GdzEzUnpJClbCQW1yJKr9uq9ZCBmXJlzeT858 +X8PMcPIRNIv6EIEQT4N8d1dSDhwMEKdin4nF/OU9WyYwaEv+PPJBQpPVfAbUi9mO +29m44D029JlBpBZpb1iWPO2T3a2PvcD8Y9JCYVSlofLLeJ3LHXE= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index dc42b80..1535ecf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,10 +1,11 @@ let fuji = "age16ujdfcahmnhe4ygruf28n0urgxycv8zgsp4f8856a5suewhn49cs0mqk7w"; kilimandjaro = "age1ny0re542mcvf829y28rz6eta9myaqlxasfnn933srw64dlgavpsqc59q79"; + mottarone = "age1gfqwnjaajztwu72j8j6f5drdgupkvghsafzma4305pk95spf6u8q5e6zs8"; etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh"; vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf"; - main = [fuji kilimandjaro]; + main = [fuji kilimandjaro mottarone]; all = main ++ [etna vesuvio]; in { "shared/userPassword.age".publicKeys = all; @@ -15,6 +16,7 @@ in { "fuji/rootPassword.age".publicKeys = main; "fuji-wsl/rootPassword.age".publicKeys = main; "kilimandjaro/rootPassword.age".publicKeys = main; + "mottarone/rootPassword.age".publicKeys = main; "etna/rootPassword.age".publicKeys = main ++ [etna]; "vesuvio/rootPassword.age".publicKeys = main ++ [vesuvio]; diff --git a/secrets/shared/tailscaleKey.age b/secrets/shared/tailscaleKey.age index 18b1876..1c143fb 100644 --- a/secrets/shared/tailscaleKey.age +++ b/secrets/shared/tailscaleKey.age @@ -1,14 +1,16 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcEhGeURoajhhZnp0YXRo -L01BRHY3UjBKRC9iQUNBUEpudUE4N2EzQmdJCjNBV2wvRXNTajd6WGpGMVZidjBZ -ZmY4TENVY29ZZU5ERVdZNFl5VEk5VVEKLT4gWDI1NTE5IGZ3WEFVTHRYZUJCcWNs -MlZLYnpRbld6U0ZtNzFpdTliQ0JWc3JuZG1tbmMKY3BSRzJURDlrT2habDgyVGVl -VExCejRmMUI4aGp2WlVBWmZzU2dOS1NaNAotPiBYMjU1MTkgUzlpYzVBUHl6alhk -d2VydmcyMHVBemxyc2VJQ3c3V2lWOE55UE5TS3NUWQpjMlRrc2NoeklrVzRjMFB4 -TzFlZTNhcnU3VXlieXlpUG1zbTJSWXFjUG1ZCi0+IFgyNTUxOSA2ZW1UUkw5K3BH -dVFKYXFocU5wQmxWdG5oWmJBQThPN1cwb0hFTndyL0dVCld3Z2NiMGljb1IzYlpv -NTB6dlpZRGJhUnI0NmxROUs0UUEwSWM0VXF6ME0KLS0tIEJjaDc0dFpKTzNYc0t4 -WVlETEZZZ2dWNUxGc0lEb01ZN003MXkvenNUNkUKa3mnAvgTgZB9hqvAETK5hXnL -Q96Q7B1+gSJhhX36g3pzhmjTzRgSLfJhj1iT0+EEudjRV1v+qfvsB837t9ModDsj -GadQ0ky7/WReS6QtKU5KF7CbSP/fmsVTZ1+0gZk= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TlI1TGVYQ2ZlaTZ0Ukti +U0lwenM1ekxDdk0rWi9rc21IeG9XMzFnZlNNClJVeUlkMEVXSE9ZZ2xMblB0MzFB +TXJldHBIak0vcmgvWHZyc2VYOE10ZzgKLT4gWDI1NTE5IHRpK2FBajgzdURmcGlN +VkhOWWdydUtvQnQ2M3RNQ0ZSWGdaWEhFRjdXUlEKVTZqK3dRNUpOTHlKRmgxOGV2 +SFRRR0NYNTVrd3JmUGxlR2V0Ni9PTWNncwotPiBYMjU1MTkgMCtQNlNUcXdBNlcv +aVNtTG1zUVJnTlhROFpPMnFpYnJ2VE1hZUdsK0V4cwp6YjBHM0dxdFNxazQzQ2JB +UENVdTVhQlZ4UExHeFkxc2NBcnBSamFyMXRrCi0+IFgyNTUxOSBwU0x3OHdZK2M3 +dThsT1RJUXJRT1JwZHBZU2NxTVpZT2YxclUyZ3ErUEVjCldCZm9CTUNVc0VqRjYv +bXR6NTdxYjRlSFo1c2FXcDBjbFp0RTMrUnNpVFkKLT4gWDI1NTE5IDRDYlYveXFp +MXRHWDhCT2xYWnp1VG9SeFJoUlBXeVBZMUdSeFoyamhtVlkKd000RGFENDRPcmI4 +MXN6UzZ0NlBjdHhMekE2Y1pleS9KZDUwK1NSZDg3ZwotLS0gakpkcmFXSTFYY3dh +c3BnNVR6YlNwc0Vhb01tTmJDMXlLNnhMdDNyZmZoZwrs7Ped4A7zJSqVybjIWVMx +BS8q3idSQVElJMDuyj3u+wPRnk5umxX570vxgljO/McVLvg2/UMFfmG747Ug5jub +Q/ASEMsQZghPWXQUpfNXSmpfPzg0MNx2dDRyOGnlog== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/shared/userPassword.age b/secrets/shared/userPassword.age index 08cc846..8900393 100644 --- a/secrets/shared/userPassword.age +++ b/secrets/shared/userPassword.age @@ -1,14 +1,16 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMGJUTzJnTjM0R29vb2ds -bEJha01PSm9ON3NIOHk3V20rT05oNUNvdG5JCjh3bFhYL2xJUXZMY2IwWFc5U3E1 -TmtPcWZ3QW1PMlErbE5wbHplWTN5NDgKLT4gWDI1NTE5IFYyVTFmWXZZMWp2Rjcv -NDRPMjFiMTkybno5bnNvenpaRUljNUlJMC81RFkKZkxkMTJUU0dLS1hDU1RXRE41 -ZFZIbWRFVGI0NVE2QkhhTW42T3FkWUFPbwotPiBYMjU1MTkgVmlLMEEwTDUweG5G -QWR3Y2I1b3lmYzMrR01VTExqK1RGaUVqMUczOXdtQQpSNFRPUWsyTEZYdDdQenBl -dlUzR2xlUVZxQ2NhQUd6OG1LRFJGRmgrZFNvCi0+IFgyNTUxOSBKZGhSSEhuREJ2 -MllJT3E3T2w5bDFqRFpuYkgzOGxnTEw1OGY2R3JML3hjCmRLQjFIQ3ZlQTI4bXFz -eCszc3JveHYwdFJpaWUvZUxtZmgxbUZZV2grQ1UKLS0tIGpaa3ZVSXg1QmtJbU5P -ams0WThZT25DaTcvSGxiQ2pHb3lueUVxYlc0blEKibpOZMM3Q/hdXjd4zp0bFvT/ -5S3S0zhAD+jo3C71Q5sUvbvBalRemzUEpBjXiOgMu3CIOi/R5GV1U3va5qHJxRiu -cN7Zpn+45mG5lo+zSP5Ox8SiaFstpwSZ+BaBWGmzvBBzS4VVHS2PhA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dUtONHR0Q3ZKdzc5dFZk +RE5NaE9GU1NCSXg2RGFiL3daMFFPYzQ3bXkwCnBKWS9XV0doRGJMM2Y4SUgxbmxx +VkxCTkVDeXV0djU4WnFVRDl0eTM1UUUKLT4gWDI1NTE5ICszQlJyM3FkQXlPbU8v +ZFhVNFg5MjJDaXhxREM1TUlQaGFlL0M1YnFXVVkKdExUTkg2dnFERzg3dDdCUGc4 +dVBZaGk4eWJXMGdRRFlqb0RyOWZXbG5ZdwotPiBYMjU1MTkgMTlGaW9kZGZFRlRV +bXZtdFgrUG9KV0FKQUdMb0Q0ZGJITkVFZnRMUGRHQQpkRG9xQmVhcFU4SmZFVXdj +N1BrdDduNXFLelMyZ1ExTXJ4aEppeTg1SExjCi0+IFgyNTUxOSBzakp1MGFlejBX +a3dIVHU2YWRLdGc0YTZ1SitxUU84dHJjam9HSUJKdWowCjRHNWJWVXVXaGUxSGhl +NFVyQ1BJTWpzeEVLZVFIQXdlR0tabGY3dGJvNXMKLT4gWDI1NTE5IHhQbzVQaXYx +TEJRUCtkeGVyc05QaytqRGptYkpsVWxvSkVPT1p5L2hMUncKbWVCVnNXRVd5bDZP +ZTNtR1lIZ3g3N0dQOGJQZDZwU1NMT3oyeVFQVDl6ZwotLS0gc01vcGN1QXQwMWtk +d3FKU3hBbklDUnRidVNGd2dwSHJiUVpKWWNad2ZyWQrHataevW8o1lI6eVWGOh7Y +Bs1HB2Sv/b0T5CAIb2nI/aNrp53g8FKu/HvuHkoYcg+ZEqT6iDOtsxhRyGrZ+uiM +6JpO7in57t5CbpdzUVFbdZfeqRaK5JFyspvjGsniEt75ZchkWz7dOZdG -----END AGE ENCRYPTED FILE----- diff --git a/systems/default.nix b/systems/default.nix index d911db9..84eb9e7 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -40,6 +40,11 @@ in { system = "x86_64-linux"; }; + mottarone = { + role = "laptop"; + system = "x86_64-linux"; + }; + etna = { role = "server"; system = "x86_64-linux"; diff --git a/systems/mottarone/default.nix b/systems/mottarone/default.nix new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/systems/mottarone/default.nix @@ -0,0 +1 @@ +{} diff --git a/systems/mottarone/hardware-configuration.nix b/systems/mottarone/hardware-configuration.nix new file mode 100644 index 0000000..84f6d3f --- /dev/null +++ b/systems/mottarone/hardware-configuration.nix @@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/e36f709d-a4ea-4310-8c0d-8752afacba3c"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D4AA-EE25"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/316ddc44-0359-40ac-9dce-2d78817fbb29";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s13f0u1u4.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}