bifrost: nixos on digitalocean 👌

Adithya 2024-11-09 20:27:33 +05:30
parent 3c9658a57b
commit 0656576e76
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
14 changed files with 209 additions and 38 deletions


@ -6,6 +6,7 @@ keys:
- &host_rico2 age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf
- &host_wynne age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0
- &host_layne age1k2wpm88wms6hx3ldvu0n2je7pag9fexs9eq0e8hlkfcs2dx9eg9qlkf95d
- &host_bifrost age1jt8uleg4auf0h8ftl4ykq73epvgqml29q8ty0lz6kasta5h6td3shgxvrr
creation_rules:
- path_regex: secrets.yaml
key_groups:
@ -17,3 +18,4 @@ creation_rules:
- *host_rico2
- *host_wynne
- *host_layne
- *host_bifrost
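Review bot: Adding `*host_bifrost` to the key group of the `secrets.yaml` rule lets the new droplet's key decrypt every value in that file, not only the ones this host needs. For an internet-facing VPS a separate creation rule and file would limit the damage if the host is compromised, for example (constructed path) `- path_regex: hosts/bifrost/secrets\.yaml$` with only the admin recipient(s) and `*host_bifrost` in its key group. The key group starts outside this hunk, so the other recipients and what the shared file holds are not visible here.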


@ -201,6 +201,28 @@
./hosts/layne
];
};
Bifrost =
let
hostname = "Bifrost";
system = "x86_64-linux";
username = "adtya";
in
nixpkgs.lib.nixosSystem {
inherit system;
pkgs = packages system;
specialArgs = { inherit inputs username; };
modules = [
{
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
networking.hostName = lib.mkForce hostname;
nixpkgs.hostPlatform = lib.mkDefault system;
}
sops-nix.nixosModules.sops
self.nixosModules.default
./common
./hosts/bifrost
];
};
};
deploy.nodes = {
@ -244,6 +266,14 @@
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.Layne;
};
};
Bifrost = {
hostname = "Biforst";
sshUser = "adtya";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.Bifrost;
};
};
};
}
// flake-utils.lib.eachDefaultSystem (system:
@ -264,6 +294,7 @@
];
};
packages.getpaper = pkgs.callPackage ./extra-packages/scripts/getpaper { };
packages.digitalOceanImage = (pkgs.nixos { imports = [ "${nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" ]; system.stateVersion = "24.11"; }).digitalOceanImage;
}
);
}
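Review bot: In the `deploy.nodes` hunk, `hostname = "Biforst";` does not match the `"Bifrost"` used for `nixosConfigurations.Bifrost` and `networking.hostName`, and deploy-rs uses this value as the SSH target. As written, the deploy will most likely fail to resolve, and if that name ever does resolve, a closure activated as `root` would be pushed to a machine other than the intended one. It should read `hostname = "Bifrost";`, or the droplet's address or SSH config alias if the bare name is not resolvable from the deploying machine. The surrounding `deploy.nodes` set begins outside the hunk.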

40
hosts/bifrost/default.nix Normal file

@ -0,0 +1,40 @@
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
./network.nix
./programs
./services
./security.nix
];
nodeconfig = {
minimize = true;
nix.auto-gc = true;
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
time.timeZone = "Asia/Kolkata";
system = {
switch = {
enable = false;
enableNg = true;
};
stateVersion = "24.11";
};
}
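Review bot: `LC_ALL = "en_US.UTF-8";` in `extraLocaleSettings` takes precedence over every other `LC_*` category, so the nine individual entries above it have no effect, and setting `LC_ALL` system-wide is generally discouraged. Since every category uses the same value as `defaultLocale`, the whole `extraLocaleSettings` set can be dropped, or at least the `LC_ALL` line. A short comment on `system.switch` saying why `enable = false; enableNg = true;` is chosen would help the next reader.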

12
hosts/bifrost/network.nix Normal file

@ -0,0 +1,12 @@
{ lib, ... }: {
imports = [
../shared/network.nix
../shared/networkd.nix
];
networking = {
nameservers = lib.mkForce [
"1.1.1.1"
"1.0.0.1"
];
};
}


@ -0,0 +1,16 @@
{ pkgs, ... }: {
imports = [
./neovim.nix
./starship.nix
./zsh.nix
];
programs = {
git.enable = true;
};
environment.systemPackages = with pkgs; [
sops
age
];
}


@ -0,0 +1,8 @@
_: {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
}


@ -0,0 +1,8 @@
_: {
programs.starship = {
enable = true;
settings = {
add_newline = false;
};
};
}


@ -0,0 +1,10 @@
_: {
programs = {
zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
};
environment.pathsToLink = [ "/share/zsh" ];
}


@ -0,0 +1,9 @@
_: {
security = {
sudo = {
wheelNeedsPassword = false;
};
polkit.enable = true;
};
}
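Review bot: `wheelNeedsPassword = false` makes every wheel member root without a further check, so on this public droplet the `PermitRootLogin = "no"` set in the ssh module of the same commit adds little separation once the deploy user's SSH key or session is compromised (the deploy user is presumably in `wheel`; its definition is not visible here). If the setting exists only so deploy-rs can activate the `root` profile through `sshUser`, record that in a comment such as `# passwordless sudo: needed for non-interactive deploy-rs activation as root`. Consider deploy-rs's `interactiveSudo` option, or a sudo rule limited to the deploy user, instead of opening the whole group. `polkit.enable = true` also looks unnecessary on a headless server unless another module depends on it.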


@ -0,0 +1,5 @@
_: {
imports = [
./ssh.nix
];
}


@ -0,0 +1,21 @@
_: {
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
hostKeys = [
{
path = "/persist/secrets/ssh/keys/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/secrets/ssh/keys/ssh_host_rsa_key";
type = "rsa";
bits = "4096";
}
];
};
}
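Review bot: Both `hostKeys` entries point at `/persist/secrets/ssh/keys/`, but nothing visible in this commit mounts or creates `/persist` for the DigitalOcean image, so where the host keys live and whether they survive a rebuild of the droplet is undocumented. This matters if the `host_bifrost` age recipient added to the sops config is derived from the ed25519 host key (not visible here): a regenerated key would leave the host unable to decrypt its secrets and would change the fingerprint that clients have pinned. A comment above `hostKeys` such as `# keys are kept under /persist so they survive re-provisioning; the sops age identity depends on the ed25519 key` would record the dependency, after confirming that a shared module really sets up `/persist` on this host.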


@ -1,4 +1,4 @@
_: {
{ lib, config, ... }: {
networking = {
useNetworkd = true;
};
@ -26,7 +26,7 @@ _: {
linkConfig = {
RequiredForOnline = "yes";
};
routes = [
routes = lib.mkIf ((lib.strings.toLower config.networking.hostName) != "bifrost") [
{
Destination = "165.232.180.97";
Gateway = "_dhcp4";
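Review bot: The new `lib.mkIf` on `routes` decides by comparing the lowercased `networking.hostName` with the literal `"bifrost"` inside a shared module, so renaming the host or adding a second VPS silently changes which machines get the static route to `165.232.180.97`. An explicit boolean option that each host sets would make that choice visible in the host's own configuration instead of depending on its name. At minimum the reason should be stated next to the condition, e.g. `# bifrost must not install this route (presumably because it is the 165.232.180.97 endpoint itself)`, with the reason confirmed by the author. The `routes` list continues outside the hunk.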


@ -37,65 +37,74 @@ sops:
- recipient: age1w5rvr4nl8xvjjxpct4e2a2eajvm79v4r9nyxrcn40fm8d7h9l9cqkk0jtt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMWpGcmtXcVp5dmxSUWQ0
RTBQd0RxNVdPODQrOVJOTjNiTkh4YjNVNzF3Cm5YUkxoT3ZPUmV2Q2xwbXBsSGl0
c2drMXY3UnE2cHJjSjdHdW53TWUzaTgKLS0tIHJSdmQ2ZXF1NnJqTGtCUER3NEtY
ejBNdEltL252RXN6M2VlZ3IyNkgyMk0K76RGGt1tXnm76nm/k6V3OObgDEnQG0eP
DDJKBQiUOqFan5Yu83CgkOFpFw+2eMFw23RFDoLmCMi8/dqAbQAqvw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ2NPRVZxUlFZbVArSlNz
aGxBMCszb0JRbWJFNFhkcVJoa00xV3BJQ1JZCmcvZUpRODBkLzVWTDVqUWtCR3V3
ektBTkprdzFENTIxaEZZQ0RpZGRrUm8KLS0tIFc0aVhuZVh6dW4wbnZ1ajNDazdk
aXRQZUI4RVlEeGdUMXoya2RCRnMxRDQKWxogRGGH5dP8w80xBBchjxs0Hhw0o+BX
uxNQZoSYENIPESR7ydO7642r8xjLdQdfMEjKz/rnooCgB1Zy7X7kGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WEl5MDNuY2VvRTh5eU5N
dFZsOEVmMklkZ3lHSG9SRTdzeTFmdGp0YURnCkxjOWJrRTA4MWh1Y0UvVDNMSFov
b1Zmc2R2MkNTUDVmVlU5c2J5Q0R5OVEKLS0tIE1HYk1veEg1NUpkQzZmWE5NeVM2
Rk5sYy85VkhLb1hpRXB2M3Ntb1BocWsKy82qsGfMLs8HSJ5yHm0TmxQQL+JYNXDs
KjUeabcRK5Y5tE/z/axYAFz+y9ib7gfVQ7O1rb7Wa78OnxbeZxZYTA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeDZYeTNtczE4eWVYcTcy
ZDZmeU8xZlppMHlQUlkyb3h2cWRGbXpBeUFNCjUzNGs1endaZ2tzTzE2SE1CYWg2
aHU0dnlpeU9aRTYyc2hCMU1YYlBFQ1UKLS0tIERsS2VUSVllcVhUNzExOEJqSlF4
SVNNaHl0ckt4bmtSazloUnREM3VWZ28K2/DfdwYi7iMiNrHn/9FMEJX5aaL/PLoR
GYtO9JpFHFWngDSVsJm013NlsvAtCY1ep382EWK8Z/I+QahkoyBW2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age106k9u5ns9h7smh3gqc40k9fft5emknvq669qdv8a29ak3ah4j38s5ng2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QnlsNk03OFpEUzgzNVRD
RTJzR3dPV1hRTTNxeWU0dDA4L2lEZWQ4ank0CkdmdjM1SytORWg3VWUvdEtqQkRZ
NzNTWWd3bzhncFFpNC9WQ3RMR1ZGRVEKLS0tIENmSWNibkxXS3p6NTVLczVrZDQ0
ZVFSb3JMNHZPWnFuRTZteXJPK2x1RDAKgcCvJcOerFinIkxZMscYpIzm2DRR/Iqe
hkzGGyiL++jb5pii9FjOk0IyWmRajWxSopbixNF0EpFZB7SvuywM6w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOVBSdllDeWlaSWIvbWNq
ZVU3SDAvUlhOK0NXZWpDK1g2YlhBbnJoNEZZCnVMb2lRVjlIZDdQaDZONVRlSUJa
VElXOGl1T1ZseUFBY3ppUUZocGwyR3cKLS0tIG0xZE9BSlcxazRHQXZnNHl2RXRm
bjVsNkk5MGxHVW15RHF0ZGE1czgrQlUK43DGYjIydqND7bSG/9fE8HMm3jzJ7KzI
tS94Djek5QSY2xQxXVdLQ3g9Rnbm7HF8bTjDlOhBM7drryuraLEBlg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1829x4l8vdhcn97af0zq898tupll0smrqywxka4pswkt6mtn8qp7qqnnnl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcGRmZHJYU3BxRUNZcStS
Q3RQcncxWjNOcVgzOGFuRDJDMGRKUXgxZld3CnVvY0ZFSHp4Q01wQlpsWHBOeGhs
TEdudVg2RVRLT1A0VngvbFlORXg5U2sKLS0tIFhkVnkzaVdxWlptTDE0N3cvZ3Ft
Zy93VlBLOU9lRm1JU2Q1WUNOY0UwYXcKRXB/cx+C1RI/KTPhBSAX6WYJfTZeT0fJ
i9syUWhIxpozsaXhN4wRw3fdQCFtDI8zXqqqpWoV9Pc3mU1SakWI+A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVW03RVlVUlZYOW5VdWdT
K1NjaWswK0xSUzduUHgra1ZON3dsTVBFSWxjCkt0NnRVVXA3TnYwTlBQNXZTdG1t
YVRQTWcySVRrQitOQjNlc2JBWmNXME0KLS0tIFhUa1IzY0dSSWJRR0FIOGZ5QkQv
dXQzNXkyTlVPdzhGMXdjRS9ENnFHL0EKB4YiqGAcL0VlRRj0TPwfgSKHKTEnGBsO
cbSd3iKO9TDxWQwz46cpY6NmRTORlq4j0kzPAm4k5JLHUVwulgwb0g==
-----END AGE ENCRYPTED FILE-----
- recipient: age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RkE3dGVBUW5zTmdnSGd1
ZkhDVTFNSkFQUDZvMjdObXdOTk1BMDBFM0FzCi9hTjUwdmQ5dytmUEdlN0VJRzAw
NWs3b2Z6L21QMTVZRGM1dm5GS0ZmdzAKLS0tIHpsbGk2N1RGRmtZMTR2MTFYTWRs
Z2d5cEczcFZUZTVGUFdiY2hKOEV5T1kKoJm8Y0yqY/Zxu/WMlnGsLZNEeAnXPLgz
kKmcVecpz/mOJ4rrnx+PsrPLhnL2ZW5ZavcmMaUJy7QNZ/XBgEZhCA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSU40amdyMzZ6Wm9TUHc2
VXcwN3Q1azQwaEtxZDZpdW8xemMwcVZJb1E4ClVHRjY1TEFMZXdtWVExYmRVWkJk
NmhHZysyUkI4VnJOZzVSQlRwbXI2QU0KLS0tIFJpbmRFRUM5MzlSNDF2RC9Fd0dY
VlByaWhmemc1WWxCQmkyQUxVOEc1SDAK42kD7infmLQKLjZUcsu6EHAMV5zRzGRb
E6hv2YYUHF7uLgEcPEq4hJZ72kjMyyqyebv0qLQB5VIylifrMJrO2g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV2NNOFAvOWlESGJRN29w
cFBTR0JBY295c2drbm1LSVA2MXhGNDcrcmlvCk1WU3ltMmJuOXdYVkJacmJmeExH
ZU1YSnhDaXVqa1ZmcmdIYXJKS2o5VjAKLS0tIFlGVHFJTC9hQy9EWTJhWU4rdkdS
S2ZBMDNpMTdTQWtzc1o0dm9JRnU4SXMK/jC+w8/yeGuFOyWzDnPJI19+oNleiwDw
qtRbjD8+hCTDPUB78nZYSEKVWB4lcLEhT846W8V8xF4vM+EyCEbiHw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQU3ZTOGtIamlOQzNrTDg0
SHUzR1F6RTBtZU1zNDVFUFFFejBlUFRYUkVJCnkxZWFuVGJCV1Nzb29Sa3lxU2x2
bm4zSFp3Q0hHUEJUTEpuem9rYmE3YnMKLS0tIHUxSEZQV1B3ek5KYUZjbG03c1Rh
Zm10bjJwWkQwcVVVVjVxWGFRVGwrOFkK/LmuPpecWWHnTa4DXY2UiCUOfsxUG04Z
dKZ9GAyA6QPsBJgrEHxNd/PHmLIEA/Vhw12ZsSKCksaFD2at8q513w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k2wpm88wms6hx3ldvu0n2je7pag9fexs9eq0e8hlkfcs2dx9eg9qlkf95d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUCtlRnRtK0tZOGpQOTlk
MzRaRFhXV2kzUHVYYlFQcm93UVllVVFyY1dVCmFLNlRvNjJBaW5GWmJ6eFhsWmtY
N2trOERxTmNHWXUwNk9BcmVleEpXTVUKLS0tIFYzL005bDZaUVVQWW1nd2JKWlFk
YzdpTitkMHh6VUFtV2FodVF6OWJkTU0KBjC+esgHZ8hTWXwZ+cy4++jLP+gsruHM
fmRDhvQu0MNHkjQ8q4VmwRVl10uc8CyTDFTuyDoAhvmnzXHtrg1wpA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaaVpYU3JJQ05iNGdYNHMv
MjFIcEw4bk9UdWVaSnhncUJkYmlaaHlxSnpRClJMemtIcklGUzE0ZzZaVXNiS0dO
SGdxWVpjRzdHSDROcVl2bTNxVzlwTmsKLS0tIFE4cHFpOWpSYlRLYnZjVmlTc1V2
UVV6WlpRbzk0UjZVL2RMQmNnNnlvZ1UKhrTqF6vq1c2jsrvjtMv+03fwj5MZIVTn
uPY7OHqm0scOxARNIW7nVYeTIxNYFEPvfZiriydrOtXfrVZB4u82IQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jt8uleg4auf0h8ftl4ykq73epvgqml29q8ty0lz6kasta5h6td3shgxvrr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ajFvYVJxejJkcTM0Rm5n
a0tOWFE4Q1R6ZS9qZE1BTVZybnRSTS94Y0NFCjJIUjRwODMvcmFKN3VvYUNVOFB3
V1lJZW56STFra0JsRXF0RVM3eWtLaTQKLS0tIC95SmtrRTFRbW0raCtZWTN4RkFJ
UXJhWFFnQnFvOEF0M0JFb3E4UVB4UU0KSUq4d8eudY03p/fd8S8f1wk0OU4BlNYB
tldkOx2DhSvcVr/FcIJIR2PFbU8o50kYj9R0HR2sHJ5C5fJ0cDXY4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-31T05:28:50Z"
mac: ENC[AES256_GCM,data:PbyhjXr/IZw+5q0PqTjXowHaiB31NjZzYpKhVV5s43+XrdMpVhcaqr9Gs7yTsqNsSc36uZ1YRymwYr8i+bF1k81lvDgyEr38Pl3vcEoIy+jNPaVnxXBRW6CL69cKfC058GmuPRYIyevorw3G3DtpLsCT5lGiMS9XedmBMf3rsw0=,iv:lHO27bURe7apOq/2KQXttou/OJMRM4uBrpqH26hBIDE=,tag:1ulMCx3/UCWCplUv+NJqNA==,type:str]