diff --git a/parts/hosts/default.nix b/parts/hosts/default.nix index 4cf5cb1..1d023c2 100644 --- a/parts/hosts/default.nix +++ b/parts/hosts/default.nix @@ -75,5 +75,15 @@ in { ../modules/devenv.nix ]; }; + work = mkSystem { + hostname = "work"; + username = "nickolaj"; + modules = [ + ../modules/required.nix + ../modules/shell.nix + ../modules/graphical.nix + ../modules/devenv.nix + ]; + }; }; } diff --git a/parts/hosts/work/disk-configuration.nix b/parts/hosts/work/disk-configuration.nix new file mode 100644 index 0000000..f5bc1d1 --- /dev/null +++ b/parts/hosts/work/disk-configuration.nix @@ -0,0 +1,62 @@ +_: { + disko.devices = { + disk = { + main = { + device = "/dev/disk/by-id/ata-SanDisk_SDSSDXPS240G_153251401377"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults"]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # Copied by deploy script, otherwise it will prompt for password + passwordFile = "/luks-password"; + settings = { + allowDiscards = true; + bypassWorkqueues = true; + }; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + subvolumes = { + "@" = { + mountpoint = "/"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = ["compress=zstd" "noatime"]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/parts/hosts/work/nvidia.nix b/parts/hosts/work/nvidia.nix new file mode 100644 index 0000000..0d4ef5e --- /dev/null +++ b/parts/hosts/work/nvidia.nix @@ -0,0 +1,12 @@ +_: { + hardware.graphics = { + enable = true; + }; + services.xserver.videoDrivers = ["nvidia"]; + hardware.nvidia = { + open = true; + modesetting.enable = true; + powerManagement.enable = true; + nvidiaSettings = true; + }; +} diff --git a/secrets/hosts/work/.rekey/00e7cc90379f6eb88fa75b454820666b-ssh-key-ao.age b/secrets/hosts/work/.rekey/00e7cc90379f6eb88fa75b454820666b-ssh-key-ao.age new file mode 100644 index 0000000..6495d50 Binary files /dev/null and b/secrets/hosts/work/.rekey/00e7cc90379f6eb88fa75b454820666b-ssh-key-ao.age differ diff --git a/secrets/hosts/work/.rekey/343c52e7384d7f3072e2e35449d6ef6b-k8s-ao-dev.age b/secrets/hosts/work/.rekey/343c52e7384d7f3072e2e35449d6ef6b-k8s-ao-dev.age new file mode 100644 index 0000000..4e06788 Binary files /dev/null and b/secrets/hosts/work/.rekey/343c52e7384d7f3072e2e35449d6ef6b-k8s-ao-dev.age differ diff --git a/secrets/hosts/work/.rekey/6a96e98b07ba9d593ffa18993c45945c-hosts-private.age b/secrets/hosts/work/.rekey/6a96e98b07ba9d593ffa18993c45945c-hosts-private.age new file mode 100644 index 0000000..3bce62c Binary files /dev/null and b/secrets/hosts/work/.rekey/6a96e98b07ba9d593ffa18993c45945c-hosts-private.age differ diff --git a/secrets/hosts/work/.rekey/74a3e2049dc67ad5035f9e8a0582fe32-ssh-key.age b/secrets/hosts/work/.rekey/74a3e2049dc67ad5035f9e8a0582fe32-ssh-key.age new file mode 100644 index 0000000..e8dc954 Binary files /dev/null and b/secrets/hosts/work/.rekey/74a3e2049dc67ad5035f9e8a0582fe32-ssh-key.age differ diff --git a/secrets/hosts/work/.rekey/9b761b7510ff07a6a520c2d55313629c-hashed-user-password.age b/secrets/hosts/work/.rekey/9b761b7510ff07a6a520c2d55313629c-hashed-user-password.age new file mode 100644 index 0000000..23e2bc0 --- /dev/null +++ b/secrets/hosts/work/.rekey/9b761b7510ff07a6a520c2d55313629c-hashed-user-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 UQ3p6w /yVmAjLMBdkIfYSgms6cEhuuPcZcz/JRN77R76P2rC0 +Kqb0zKM7eJQHWmzW1WWQWrUGPo3n/MrvYsOpFnF8rV4 +-> 6-grease +_M?p) | +kiOsWVqE +--- M+2OJRF6l9Z7ewGUpQlcNnSzmy9wUyL33+rM8PXEUr4 +&_#Қ}(++Ud6a)ŸDt~\|}+yOtMn4t),hɅY%L@<S؁ \ No newline at end of file diff --git a/secrets/hosts/work/.rekey/f37a226625c60cae3ee8c43902eb6ada-k8s-ao-prod.age b/secrets/hosts/work/.rekey/f37a226625c60cae3ee8c43902eb6ada-k8s-ao-prod.age new file mode 100644 index 0000000..adf73b1 Binary files /dev/null and b/secrets/hosts/work/.rekey/f37a226625c60cae3ee8c43902eb6ada-k8s-ao-prod.age differ diff --git a/secrets/hosts/work/id_ed25519.age b/secrets/hosts/work/id_ed25519.age new file mode 100644 index 0000000..636802c --- /dev/null +++ b/secrets/hosts/work/id_ed25519.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 WlV00t6y5gzAQB+cdMy2fmTLo3tqNbEiCOJWjoQSkyw +viZKX1xZvslqRKLuRAINOeT/KD4JdDcGXVGbLPej0Co +-> piv-p256 q3LNVw A6KDzYBqOrvAtypk7670h8uoE/Zm5oXyC8Gs2hG2ZRUV +L9/dhNUo5xkaZnSnXcgvjZFvzvxsrYFAgmwDPby6GPo +-> ~#-grease +TNWgHQD98J4xyQeizV1YVWW5rKImx7SfvqwODtXCTvdqm5/96alWhhrqQE+MD0DS +ucPcrsbX8EZOdBJZd4J1d54peYoXklVFUJAkew +--- MaaRl3MCla/w9yVonLLuBc5NKdGBmtnkWVBoNKngzSA +[h@aF}W ^Uql<ShS"QqTdHIiNPߜ+ '+2nLLࠢCa*0(1KYd89D)9͋:d95;@n]H*ݮ' _<C+#u` ɠxas[O9¸T.{)@y0?8!Ed !9kp$O/}qoyZJAٹd`QimٟP!IǠLˬٴ{#ILHOGtМFT"ċo~(tlZFٮHeΗ'zzY)Yi<8X<\]$cJL17an=0tzM -5W \ No newline at end of file diff --git a/secrets/hosts/work/id_ed25519.pub b/secrets/hosts/work/id_ed25519.pub new file mode 100644 index 0000000..0198b10 --- /dev/null +++ b/secrets/hosts/work/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdjLD+8XcVRwqKwnT44/pFfd8ohhLk6FxwYsihDxYtO nij@ao.dk \ No newline at end of file