felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2026-04-27 07:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

machine/playman: init

Browse source
This commit is contained in:
Felix Buehler 2026-04-03 15:14:05 +02:00
parent be973e1d11
commit 2a44b8e852
15 changed files with 265 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
machines/.sops.yaml
View file

@ -5,6 +5,7 @@ keys:
- &workman age1f2e644jteyeppfaatajtvjmsupl0e7nzx97ded6m0cgzw04l84ks5xl9l2
- &thinkman age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03
- &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4
- &playman age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g
- &newton age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu
creation_rules:
- path_regex: workman/secrets.yaml$
@ -27,3 +28,8 @@ creation_rules:
- age:
- *admin_felix
- *serverle
- path_regex: playman/secrets.yaml$
key_groups:
- age:
- *admin_felix
- *playman

7
machines/configurations.nix
View file

@ -82,5 +82,12 @@ in
./serverle/configuration.nix
];
};
playman = nixosSystem {
system = "x86_64-linux";
modules = defaultModules ++ [
nixos-hardware.nixosModules.dell-precision-5820
./playman/configuration.nix
];
};
};
}

17
machines/playman/boot.nix Normal file
View file

@ -0,0 +1,17 @@
_: {
boot = {
loader = {
timeout = 0;
systemd-boot = {
enable = true;
configurationLimit = 10;
editor = true;
};
efi.canTouchEfiVariables = true;
};
initrd = {
systemd.enable = true; # for a nice password prompt
verbose = false;
};
};
}

29
machines/playman/configuration.nix Normal file
View file

@ -0,0 +1,29 @@
{ ... }:
{
imports = [
./boot.nix
./disko-config.nix
./hardware-configuration.nix
./network.nix
./nixinate.nix
./profiles.nix
./services.nix
./system.nix
];
networking.hostName = "playman";
sops = {
defaultSopsFile = ./secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ ];
};
# needed for cross-compilation
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
system = {
stateVersion = "25.11";
autoUpgrade.enable = true;
};
}

72
machines/playman/disko-config.nix Normal file
View file

@ -0,0 +1,72 @@
{
disko.devices = {
disk = {
vdb = {
type = "disk";
device = "/dev/disk/by-id/nvme-eui.ace42e817028d9c6";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "encrypted";
settings.allowDiscards = true;
passwordFile = "/tmp/disk.key";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
home = {
size = "500G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
swap = {
size = "32GB";
content = {
type = "swap";
resumeDevice = true;
};
};
};
};
};
};
}

29
machines/playman/hardware-configuration.nix Normal file
View file

@ -0,0 +1,29 @@
{
pkgs,
...
}:
let
cpuFlavor = "intel";
in
{
boot.kernelPackages = pkgs.linuxPackages_latest;
my.hardware = {
bluetooth.enable = true;
debug.enable = true;
drive-monitor = {
enable = true;
OnFailureMail = "server@buehler.rocks";
};
firmware = {
enable = true;
inherit cpuFlavor;
};
graphics = {
enable = true;
inherit cpuFlavor;
};
keychron.enable = true;
yubikey.enable = true;
};
}

6
machines/playman/network.nix Normal file
View file

@ -0,0 +1,6 @@
_: {
networking = {
domain = "buehler.rocks";
search = [ "buehler.rocks" ];
};
}

8
machines/playman/nixinate.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
_module.args.nixinate = {
host = "playman.local";
sshUser = "felix";
buildOn = "remote";
substituteOnTarget = true;
};
}

11
machines/playman/profiles.nix Normal file
View file

@ -0,0 +1,11 @@
# enabled profiles
_: {
my.profiles = {
clean.enable = true;
development.enable = true;
gaming.enable = true;
nix.enable = true;
sync.enable = true;
update.enable = true;
};
}

30
machines/playman/secrets.yaml Normal file
View file

@ -0,0 +1,30 @@
users:
felix:
password: ENC[AES256_GCM,data:MHiZkTDna6nz6JhCst0uQA7MKDLtXzIqZuJEYHPgC6dRmGckYBUR0mXqh+5lLlCOeqtGbyBFKQ7tv7hpgIOX2lVyX4V99IICzw==,iv:p9ZtVpL2u64iEQuo3TF+5kFaWLd0wHT16lT4Wx8QLyo=,tag:o9g2wKQfNQyv3078tL58Nw==,type:str]
borgbackup:
password: ENC[AES256_GCM,data:bWZUeX09dxLjiHVsymKi3zArtxW4aEkVU/eLa3RbdvI=,iv:sRxy7Y0EggxXf6tGQZJdVfggcBbQD+1w2hvJgQCyr3Y=,tag:Up/opwQwl8+t1Yt26012GQ==,type:str]
ssh_key: ENC[AES256_GCM,data:k5gDazMB8sVwJANws8nORGvM8baxwx+kniFIlc50WaJplerbsk1ZspxRes5vnMeEM0UBawtBkHUXpcXVo5KXU/hXd1sDHQe3CFBhKjSFwls3b9LSmt81mBYjrlPeHMah5/PHOz5RDj5skpZ7rd5AzVOfu+aB4qUogl/gAP9aEMdtuIBx/uKXba3ER5590vLpd1Q4sxAuiWnkXi02rgW6Pzyx9RqcUU9KWLQuhfnyeEZ+PPjR4NHPJBr4TkUJ3DR2UziCtlOH1H0kKeDIj/pWqXKx8C5p7RRRkPxZ/qLmDqMtt3Cjs7MlDFUijvfnDSieKoa3JIZw9Kb9AlomkgfqrCOUEaNCBZEq/ovAj7SXm13t50SFGZfTRVul3AcToRxauzhrKXvoUbvKu0Qd4zSOPIXU4tnxodCrWraEbAXKJ+uqKH6N2RA8vxnT06Yqv9SY75hDbPIDvK/44+YWrQU5hNWYKZ+Afnadps2+huqNLbiih+/0AzTAAhtqUYsuQS+1ybTT5fsoakMssRf+wyi8,iv:vGaEIaeQGGOgLMu9oZwr/+N1/IzPPuOElMXczEZkwSw=,tag:VKzmy3Zy1C+VUgqAkscGfg==,type:str]
sops:
age:
- recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFblpKaTJIVTlVMHRjemZX
VWhmbU1vTzlxRDNQM1N3Y2tHb3ZZdUwvSFdFCnc4cTkyaWtxTEhEbUpXd0d3bnFJ
QkdaRHRvK2ZqazZGdGFoZFJwTUVCOUkKLS0tIGc4SUtZeGg3QXhwcW9NVk4zMVVo
andwd2Eydk5oRzBRTlNwdzFVQ1QwYmsK7Rn/P4JCjajb0seyzFRcnIxsz2WgkbYf
wF7wsXoBZrwGPu2otrn2G/4IYrXYn5Gf2K/sjKVo/PtsnHLRWEWgBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4KzgwZzIrbVFFWE1OWWsr
ZElTQjhLOWgzZGRXcnV0dnpYejFhVWRXREhRCkxjU2NNQmdLQzY2Wm4yZjlSWWRu
OEpmcXcvblh1N0Exck1mMmRLZmd6VHcKLS0tIE5hUGV1eTRYUk51RXY3R2Q0ckVn
aHlUbExuSDlQZWN6TlEzdjAyNTBiaUUKM2w9fi0MJa4ujpkcrtyQqmjOYaTsbdBJ
wBDbuJ1EazT47T4g9ycilbFS6LvugfJxfrzN0mW3XEuiWkrsYIIsPw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-03T15:10:27Z"
mac: ENC[AES256_GCM,data:p3Ke6ZCuuBYOzrcLGtnC4Kk8Y8S+EM8WlyT0hNFyoA/Ds6aI+FtOuNKfZN4Znh2KbLZBOaz6UJ+jDaMrfaRPJY13HlklysuSGari9Y7YdxdkcMvfl/nlGfhE7A0Wgm/m7LF2N33BAd2NrPKpPF2Omu8moIMcQ+xy5GKzVb/hiHU=,iv:3Tq29JZkVmh0/L01+mlmW/5N1bXOecElsMwg+m9Kpq0=,tag:S0m79vu0ywsaj/t+mtLfQw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1

34
machines/playman/services.nix Normal file
View file

@ -0,0 +1,34 @@
# Deployed services
{ config, ... }:
let
inherit (config.sops) secrets;
in
{
sops.secrets = {
"borgbackup/password" = { };
"borgbackup/ssh_key" = { };
};
# List services that you want to enable:
my.services = {
backup = {
enable = true;
OnFailureMail = "server@buehler.rocks";
passwordFile = secrets."borgbackup/password".path;
sshKeyFile = secrets."borgbackup/ssh_key".path;
paths = [ "/" ];
};
# remote build
remote-build.enable = true;
ssh-server = {
enable = true;
};
initrd-ssh = {
enable = true;
};
vpn = {
enable = true;
};
};
}

7
machines/playman/system.nix Normal file
View file

@ -0,0 +1,7 @@
# enabled system services
_: {
my.system = {
avahi.enable = true;
podman.enable = true;
};
}