hosts: add lightsail-tokyo
parent
19c8ad7b34
commit
ad019cf3f2
18 changed files with 119 additions and 36 deletions
|
@ -6,6 +6,7 @@ keys:
|
||||||
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||||
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||||
- &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
- &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||||
|
- &lightsail-tokyo age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets.yaml$
|
- path_regex: secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -13,3 +14,4 @@ creation_rules:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *aristotle
|
- *aristotle
|
||||||
- *blacksteel
|
- *blacksteel
|
||||||
|
- *lightsail-tokyo
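Review bot: Adding `*lightsail-tokyo` to the one recipient list under `path_regex: secrets.yaml$` lets the new internet-facing host decrypt every value in that file, not only the ones it needs. The secrets.yaml section of this commit shows a new `enc` block for this recipient, which is consistent with that. A least-privilege layout would add a second `creation_rules` entry whose `path_regex` matches a server-only secrets file (path for the author to choose) and whose recipients are only `*guanranwang` and `*lightsail-tokyo`. The recipient list starts above this hunk, so other entries may exist that are not visible here.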
|
||||||
|
|
|
@ -8,10 +8,6 @@
|
||||||
# Terminal
|
# Terminal
|
||||||
"alacritty"
|
"alacritty"
|
||||||
|
|
||||||
# Shell
|
|
||||||
"fish"
|
|
||||||
"bash"
|
|
||||||
|
|
||||||
# Editor
|
# Editor
|
||||||
"neovim"
|
"neovim"
|
||||||
"vscode"
|
"vscode"
|
||||||
|
|
21
flake.lock
21
flake.lock
|
@ -584,6 +584,7 @@
|
||||||
"scss-reset": "scss-reset",
|
"scss-reset": "scss-reset",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"spicetify-nix": "spicetify-nix",
|
"spicetify-nix": "spicetify-nix",
|
||||||
|
"srvos": "srvos",
|
||||||
"systems": "systems",
|
"systems": "systems",
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
}
|
}
|
||||||
|
@ -673,6 +674,26 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"srvos": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1713747325,
|
||||||
|
"narHash": "sha256-3Rh1372yHv7TYA8yJqSCcKeVsHdhmDa4veN9kb3fNx8=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "srvos",
|
||||||
|
"rev": "e00e421468806a7a245bc76f0a23eb9e91593918",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "srvos",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
|
18
flake.nix
18
flake.nix
|
@ -88,6 +88,10 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
};
|
};
|
||||||
|
srvos = {
|
||||||
|
url = "github:nix-community/srvos";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
systems.url = "github:nix-systems/default";
|
systems.url = "github:nix-systems/default";
|
||||||
treefmt-nix = {
|
treefmt-nix = {
|
||||||
url = "github:numtide/treefmt-nix";
|
url = "github:numtide/treefmt-nix";
|
||||||
|
@ -206,5 +210,19 @@
|
||||||
nixOnDroidConfigurations = {
|
nixOnDroidConfigurations = {
|
||||||
"socrates" = mkDroid [./hosts/socrates];
|
"socrates" = mkDroid [./hosts/socrates];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
colmena = {
|
||||||
|
meta = {
|
||||||
|
specialArgs = {inherit inputs;};
|
||||||
|
nixpkgs = import inputs.nixpkgs {
|
||||||
|
system = "x86_64-linux"; # How does this work?
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"lightsail-tokyo" = {
|
||||||
|
imports = [./hosts/lightsail-tokyo];
|
||||||
|
deployment.targetHost = "18.177.132.61";
|
||||||
|
};
|
||||||
|
};
|
||||||
});
|
});
|
||||||
}
|
}
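Review bot: The `"lightsail-tokyo"` node sets only `deployment.targetHost`, so colmena connects as its default SSH user, which is root unless `deployment.targetUser` is set. That appears to be why the sshd root-login default is relaxed elsewhere in this commit. An unprivileged deploy account with sudo, e.g. `deployment.targetUser = "<deploy-user>";`, would let root login stay disabled. The target is also a literal public IPv4 address, which ties deploys and known_hosts entries to an address that may be reassigned; a DNS name is easier to rotate. The `# How does this work?` comment on `system` should be replaced with a sentence saying why the value is fixed.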
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
nix-index
|
nix-index
|
||||||
comma
|
comma
|
||||||
sops
|
sops
|
||||||
|
colmena
|
||||||
];
|
];
|
||||||
|
|
||||||
# for `nh`
|
# for `nh`
|
||||||
|
|
|
@ -36,9 +36,11 @@
|
||||||
inputs.nur.hmModules.nur
|
inputs.nur.hmModules.nur
|
||||||
|
|
||||||
./applications/atuin
|
./applications/atuin
|
||||||
|
./applications/bash
|
||||||
./applications/bat
|
./applications/bat
|
||||||
./applications/eza
|
./applications/eza
|
||||||
./applications/fastfetch
|
./applications/fastfetch
|
||||||
|
./applications/fish
|
||||||
./applications/git
|
./applications/git
|
||||||
./applications/gpg
|
./applications/gpg
|
||||||
./applications/skim
|
./applications/skim
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
networking.hostName = "aristotle";
|
networking.hostName = "aristotle";
|
||||||
time.timeZone = "Asia/Shanghai";
|
time.timeZone = "Asia/Shanghai";
|
||||||
_module.args.disks = ["/dev/nvme0n1"]; # Disko
|
_module.args.disks = ["/dev/nvme0n1"]; # Disko
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -16,5 +16,4 @@
|
||||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
|
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
|
||||||
boot.kernelModules = ["kvm-intel"];
|
boot.kernelModules = ["kvm-intel"];
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
system.stateVersion = "23.11";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,11 +13,11 @@
|
||||||
./anti-feature.nix
|
./anti-feature.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
networking.hostName = "blacksteel";
|
networking.hostName = "blacksteel";
|
||||||
time.timeZone = "Asia/Shanghai";
|
time.timeZone = "Asia/Shanghai";
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
######## Services
|
######## Services
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
|
|
|
@ -29,7 +29,6 @@
|
||||||
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
|
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
system.stateVersion = "23.11";
|
|
||||||
|
|
||||||
# no disko because dual booting with macOS isnt very flexible
|
# no disko because dual booting with macOS isnt very flexible
|
||||||
boot.initrd.luks.devices."luks-8c26de19-f0d4-4ac7-a73c-a28dafd30544".device = "/dev/disk/by-uuid/8c26de19-f0d4-4ac7-a73c-a28dafd30544";
|
boot.initrd.luks.devices."luks-8c26de19-f0d4-4ac7-a73c-a28dafd30544".device = "/dev/disk/by-uuid/8c26de19-f0d4-4ac7-a73c-a28dafd30544";
|
||||||
|
|
17
hosts/lightsail-tokyo/anti-feature.nix
Normal file
17
hosts/lightsail-tokyo/anti-feature.nix
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
{lib, ...}: {
|
||||||
|
nixpkgs.config = {
|
||||||
|
allowNonSource = false;
|
||||||
|
allowNonSourcePredicate = pkg:
|
||||||
|
builtins.elem (lib.getName pkg) [
|
||||||
|
"adoptopenjdk-hotspot-bin"
|
||||||
|
"cargo-bootstrap"
|
||||||
|
"rustc-bootstrap"
|
||||||
|
"rustc-bootstrap-wrapper"
|
||||||
|
];
|
||||||
|
|
||||||
|
allowUnfree = false;
|
||||||
|
allowUnfreePredicate = pkg:
|
||||||
|
builtins.elem (lib.getName pkg) [
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
15
hosts/lightsail-tokyo/default.nix
Normal file
15
hosts/lightsail-tokyo/default.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{
|
||||||
|
modulesPath,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
"${modulesPath}/virtualisation/amazon-image.nix"
|
||||||
|
../../nixos/profiles/server
|
||||||
|
./anti-feature.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
time.timeZone = "Asia/Tokyo";
|
||||||
|
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
}
|
|
@ -60,8 +60,6 @@
|
||||||
sharedModules = [
|
sharedModules = [
|
||||||
({...}: {
|
({...}: {
|
||||||
imports = [
|
imports = [
|
||||||
../../home/applications/bash
|
|
||||||
../../home/applications/fish
|
|
||||||
../../home/applications/neovim
|
../../home/applications/neovim
|
||||||
../../home/applications/nix
|
../../home/applications/nix
|
||||||
];
|
];
|
||||||
|
|
|
@ -59,7 +59,7 @@
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.PermitRootLogin = "no";
|
settings.PermitRootLogin = lib.mkDefault "no"; # mkDefault for colmena
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
};
|
};
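Review bot: Lowering `settings.PermitRootLogin` to `lib.mkDefault "no"` means any module that defines the option at normal priority now wins silently on every host importing this profile, so the hardening is no longer guaranteed. The new host imports `virtualisation/amazon-image.nix`, which presumably supplies its own value; confirm what the effective setting is there. Keeping `"no"` at normal priority here and overriding only where needed, e.g. `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";` in hosts/lightsail-tokyo, keeps the exception visible and local. The hunk starts mid-file, so whether `lib` is already among this module's arguments is not visible.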
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,13 @@
|
||||||
{
|
{
|
||||||
networking.wireless.iwd.enable = true;
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
networking.wireless.iwd.enable = lib.mkDefault true;
|
||||||
services.resolved.enable = true;
|
services.resolved.enable = true;
|
||||||
|
|
||||||
sops.secrets."wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk";
|
sops.secrets."wireless/wangxiaobo".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/wangxiaobo.psk";
|
||||||
sops.secrets."wireless/OpenWrt".path = "/var/lib/iwd/OpenWrt.psk";
|
sops.secrets."wireless/OpenWrt".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/OpenWrt.psk";
|
||||||
|
|
||||||
### https://wiki.archlinux.org/title/Sysctl#Improving_performance
|
### https://wiki.archlinux.org/title/Sysctl#Improving_performance
|
||||||
boot.kernelModules = ["tcp_bbr"];
|
boot.kernelModules = ["tcp_bbr"];
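Review bot: `lib.mkIf` guards only the `.path` of each secret, so `wireless/wangxiaobo` and `wireless/OpenWrt` are still declared under `sops.secrets` when iwd is disabled. As far as I can tell, sops-nix would then still decrypt both Wi-Fi PSKs on the server, just at the default path. Guarding the whole entry avoids that: `sops.secrets."wireless/wangxiaobo" = lib.mkIf config.networking.wireless.iwd.enable {path = "/var/lib/iwd/wangxiaobo.psk";};`, and the same for `wireless/OpenWrt`. The module continues past the end of this hunk.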
|
||||||
|
|
|
@ -11,10 +11,6 @@
|
||||||
# Terminal
|
# Terminal
|
||||||
"alacritty"
|
"alacritty"
|
||||||
|
|
||||||
# Shell
|
|
||||||
"fish"
|
|
||||||
"bash"
|
|
||||||
|
|
||||||
# Editor
|
# Editor
|
||||||
"neovim"
|
"neovim"
|
||||||
# "helix"
|
# "helix"
|
||||||
|
|
|
@ -1,9 +1,14 @@
|
||||||
{pkgs, ...}:
|
|
||||||
# no i dont actually own a server
|
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
|
inputs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
../common/minimal
|
../common/core
|
||||||
|
# ../common/minimal
|
||||||
|
inputs.srvos.nixosModules.mixins-terminfo
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages; # mkDefault for server
|
boot.kernelPackages = pkgs.linuxPackages;
|
||||||
|
networking.wireless.iwd.enable = false;
|
||||||
}
|
}
|
||||||
|
|
39
secrets.yaml
39
secrets.yaml
|
@ -19,29 +19,38 @@ sops:
|
||||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXL3R3UWF2UjFBZXlVWmEr
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRDVuSHNpQzMzb1gxaXB4
|
||||||
L3Nva3ZnMW9kUVN0bzhlVlE3UWRWSlRqY3lzCmp4SDlkZUdIQmFMb1UrWWk3SXBI
|
aEs5SEpyeFdKMExIYnZMdTdIZi9JbXY2aHlzCmN5Um81VnF3TXpOcW1IbFBnTWY3
|
||||||
TExucEFodlZaZjFGQ3lkOWh1NFFsckUKLS0tIEZTL0QvZmVVWlVBOWtVczFaYnFl
|
VHVQTmM3Zm5rOGx1UDhRRnBPZTZpRlEKLS0tIFV1am5VVXJiODdFT0RIQW9wNlVM
|
||||||
ejFYb0J0dmtSL0VURDBHZEhER0FZeEUKErLL9cf65O/YmLt0JVpdXuK2sXLh4x/O
|
OWhuQmMrT2dId3U1RGtoamZyNElvSzAKqOOQB3oMulmSTFbiJenpucju+djFUY1t
|
||||||
YVv9lzzECDAMZbh2RScw5z91zWM9kB5vx17XrpcUnF4ouH+jnlOx8Q==
|
ldHjlbYF9ywbAckqFtYXGcbDDbD5iv8ZvulyhU2d73534rspOXzyWQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHN2RPVVFlYzlyRitlS0Fn
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRitmZ0xSRmNRbTIwdjg2
|
||||||
SGJaR2srdExaT3V5dFd3OFFraXBlbVY0K2d3CnNRUmFkSHJuTWlUeW9haS9lQ2N2
|
aStiQnIzU1AyTzkxdE9UT0laQlkxNzh5RDAwClNDcitIa0FCVUxCRldyL1I4Rit1
|
||||||
S3JmU3FmWUtLblRoYnRwK05OY05RK0kKLS0tIGQ2d2REbkFuQnFkT1I1QnFIc1Z6
|
bE9MZjNlaXV6aU5UYjhEVzgrMExHNGcKLS0tIG43bE9CSTFGZG9ZSlhucVc1cWZV
|
||||||
TlhnYmhQWnRBWG1CeWp6bktmemNxbk0KXYImIHhtlXUS2H+Ot81zGbC/BaMkba8D
|
T3cwdUYyQWhpM04ydTJhOWQ1NHZqTncK6kVvFDpmgT4fEv2NCerIr3y1iIfV9phv
|
||||||
GUJeizpBBbA6BSjeQYx1Hd/mJJ4eqbN9abnLgYhQ42i9KfWWC4Eu1w==
|
fKHhtqeEmaon9Hp1hqBcQzB4+PuxA+AWSZ+wjffGa/aS+RsSt2FYdw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0N2FtN1UvTXQ3MXZPQVN2
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMlR2WmM5cHl3SHRtZ08x
|
||||||
bTBCQzR1cmhhdmV5K0g4ODZySk42V09aZVE0CndxWTRVZS9Pek85VU1nK1hEYjc5
|
SG42bzNQSmlaQXN6RFpxSkpPcDAwbnpDMWhnCm5tZkpocWswYWF4UmYzS1dINkJ0
|
||||||
RnFjZEFmVytIYVBtN1IxOU1uSHVLUGcKLS0tIFB2UzlFeFJWOGJ3SFBDNENxT1FN
|
bExOZWpNNlN0WkNXU29UY05vRFVoNUEKLS0tIGRwaUJFNkoyV2pLeDZOd3FxYnIz
|
||||||
MFdBdDhnbWFwTVd1aFgvUHdRZkhTV3MKIcvIbGmAMVAu5KcOi8xsjIvwAzp8etAn
|
eWpqWU12ekl0NWRQV2lIdzRIcmYvVlUKYO7EDTdyLzDjoSgSj7/p/uwjZrw2xWgp
|
||||||
cXbkj9HfU/FHWv2fJNC/2Dda3AKKfDFNQJIk0MYOuyFR+JMu6Dah/g==
|
5474kRLJyPVjejTnnc3K1/za9Cp68tIsk/wC+bGflnXqrReNHyXq3Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWxBUUVWOVZqbE5FUEt1
|
||||||
|
ekdKaXRHdTdvWnR0R1BWMHlGMk5OQ1JTb1JJCkhWTDFpUEdneUR2UW9LVjdHN3VP
|
||||||
|
UE5WUzNJTWtreDQ2VEd2ZnFSdHJ5dDAKLS0tIEdsWlNIUDB2blBYTDdNaXN0YjBi
|
||||||
|
SC9YMFk4dUNOUDJYMXErck8yTmJmZmcKp66bHZTD6VitAOfzIr8VJr02+R9f5mxH
|
||||||
|
c5n2CWurDsZsNTKk7pgxQo78ySyAG3rzvOqgK0NFesyHy9dRl8xHCQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-01T04:24:51Z"
|
lastmodified: "2024-04-01T04:24:51Z"
|
||||||
mac: ENC[AES256_GCM,data:cJYaWZvPI+cWeWBNZS5omgfZ7Jq7mPIPc/wle5s4XkAb5AgvFaT17FmBRRYBVLvGvevSRponU3z6kLvLbH1HfE89zpboPc76+6vmYPkx8bY+vy8lgg5BTWPHkQZ6BeORJQLi3aiH6CNOOD7wL1dlwD+ldZOD7D9kgxTwbFPX+V8=,iv:TFe6eY+M6qsvJDv09RovOLbRfNkcU8JHR1EaJtJKKIE=,tag:dAU7eFTmJpCGt/gxrwoRkQ==,type:str]
|
mac: ENC[AES256_GCM,data:cJYaWZvPI+cWeWBNZS5omgfZ7Jq7mPIPc/wle5s4XkAb5AgvFaT17FmBRRYBVLvGvevSRponU3z6kLvLbH1HfE89zpboPc76+6vmYPkx8bY+vy8lgg5BTWPHkQZ6BeORJQLi3aiH6CNOOD7wL1dlwD+ldZOD7D9kgxTwbFPX+V8=,iv:TFe6eY+M6qsvJDv09RovOLbRfNkcU8JHR1EaJtJKKIE=,tag:dAU7eFTmJpCGt/gxrwoRkQ==,type:str]
|
||||||
|
|