hosts: add lightsail-tokyo

This commit is contained in:
Guanran Wang 2024-04-23 02:35:50 +08:00
parent 19c8ad7b34
commit ad019cf3f2
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
18 changed files with 119 additions and 36 deletions

View file

@ -6,6 +6,7 @@ keys:
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
- &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
- &lightsail-tokyo age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
@ -13,3 +14,4 @@ creation_rules:
- *guanranwang - *guanranwang
- *aristotle - *aristotle
- *blacksteel - *blacksteel
- *lightsail-tokyo

View file

@ -8,10 +8,6 @@
# Terminal # Terminal
"alacritty" "alacritty"
# Shell
"fish"
"bash"
# Editor # Editor
"neovim" "neovim"
"vscode" "vscode"

View file

@ -584,6 +584,7 @@
"scss-reset": "scss-reset", "scss-reset": "scss-reset",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"srvos": "srvos",
"systems": "systems", "systems": "systems",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
} }
@ -673,6 +674,26 @@
"type": "github" "type": "github"
} }
}, },
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713747325,
"narHash": "sha256-3Rh1372yHv7TYA8yJqSCcKeVsHdhmDa4veN9kb3fNx8=",
"owner": "nix-community",
"repo": "srvos",
"rev": "e00e421468806a7a245bc76f0a23eb9e91593918",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "srvos",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

View file

@ -88,6 +88,10 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
}; };
srvos = {
url = "github:nix-community/srvos";
inputs.nixpkgs.follows = "nixpkgs";
};
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
treefmt-nix = { treefmt-nix = {
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
@ -206,5 +210,19 @@
nixOnDroidConfigurations = { nixOnDroidConfigurations = {
"socrates" = mkDroid [./hosts/socrates]; "socrates" = mkDroid [./hosts/socrates];
}; };
colmena = {
meta = {
specialArgs = {inherit inputs;};
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux"; # How does this work?
};
};
"lightsail-tokyo" = {
imports = [./hosts/lightsail-tokyo];
deployment.targetHost = "18.177.132.61";
};
};
}); });
} }

View file

@ -17,6 +17,7 @@
nix-index nix-index
comma comma
sops sops
colmena
]; ];
# for `nh` # for `nh`

View file

@ -36,9 +36,11 @@
inputs.nur.hmModules.nur inputs.nur.hmModules.nur
./applications/atuin ./applications/atuin
./applications/bash
./applications/bat ./applications/bat
./applications/eza ./applications/eza
./applications/fastfetch ./applications/fastfetch
./applications/fish
./applications/git ./applications/git
./applications/gpg ./applications/gpg
./applications/skim ./applications/skim

View file

@ -17,6 +17,7 @@
networking.hostName = "aristotle"; networking.hostName = "aristotle";
time.timeZone = "Asia/Shanghai"; time.timeZone = "Asia/Shanghai";
_module.args.disks = ["/dev/nvme0n1"]; # Disko _module.args.disks = ["/dev/nvme0n1"]; # Disko
system.stateVersion = "23.11";
services.tailscale = { services.tailscale = {
enable = true; enable = true;

View file

@ -16,5 +16,4 @@
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
system.stateVersion = "23.11";
} }

View file

@ -13,11 +13,11 @@
./anti-feature.nix ./anti-feature.nix
]; ];
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
networking.hostName = "blacksteel"; networking.hostName = "blacksteel";
time.timeZone = "Asia/Shanghai"; time.timeZone = "Asia/Shanghai";
system.stateVersion = "23.11";
######## Services ######## Services
services.tailscale = { services.tailscale = {

View file

@ -29,7 +29,6 @@
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
system.stateVersion = "23.11";
# no disko because dual booting with macOS isnt very flexible # no disko because dual booting with macOS isnt very flexible
boot.initrd.luks.devices."luks-8c26de19-f0d4-4ac7-a73c-a28dafd30544".device = "/dev/disk/by-uuid/8c26de19-f0d4-4ac7-a73c-a28dafd30544"; boot.initrd.luks.devices."luks-8c26de19-f0d4-4ac7-a73c-a28dafd30544".device = "/dev/disk/by-uuid/8c26de19-f0d4-4ac7-a73c-a28dafd30544";

View file

@ -0,0 +1,17 @@
{lib, ...}: {
nixpkgs.config = {
allowNonSource = false;
allowNonSourcePredicate = pkg:
builtins.elem (lib.getName pkg) [
"adoptopenjdk-hotspot-bin"
"cargo-bootstrap"
"rustc-bootstrap"
"rustc-bootstrap-wrapper"
];
allowUnfree = false;
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
];
};
}

View file

@ -0,0 +1,15 @@
{
modulesPath,
lib,
...
}: {
imports = [
"${modulesPath}/virtualisation/amazon-image.nix"
../../nixos/profiles/server
./anti-feature.nix
];
time.timeZone = "Asia/Tokyo";
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
system.stateVersion = "23.11";
}

View file

@ -60,8 +60,6 @@
sharedModules = [ sharedModules = [
({...}: { ({...}: {
imports = [ imports = [
../../home/applications/bash
../../home/applications/fish
../../home/applications/neovim ../../home/applications/neovim
../../home/applications/nix ../../home/applications/nix
]; ];

View file

@ -59,7 +59,7 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "no"; settings.PermitRootLogin = lib.mkDefault "no"; # mkDefault for colmena
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };

View file

@ -1,9 +1,13 @@
{ {
networking.wireless.iwd.enable = true; lib,
config,
...
}: {
networking.wireless.iwd.enable = lib.mkDefault true;
services.resolved.enable = true; services.resolved.enable = true;
sops.secrets."wireless/wangxiaobo".path = "/var/lib/iwd/wangxiaobo.psk"; sops.secrets."wireless/wangxiaobo".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/wangxiaobo.psk";
sops.secrets."wireless/OpenWrt".path = "/var/lib/iwd/OpenWrt.psk"; sops.secrets."wireless/OpenWrt".path = lib.mkIf config.networking.wireless.iwd.enable "/var/lib/iwd/OpenWrt.psk";
### https://wiki.archlinux.org/title/Sysctl#Improving_performance ### https://wiki.archlinux.org/title/Sysctl#Improving_performance
boot.kernelModules = ["tcp_bbr"]; boot.kernelModules = ["tcp_bbr"];

View file

@ -11,10 +11,6 @@
# Terminal # Terminal
"alacritty" "alacritty"
# Shell
"fish"
"bash"
# Editor # Editor
"neovim" "neovim"
# "helix" # "helix"

View file

@ -1,9 +1,14 @@
{pkgs, ...}:
# no i dont actually own a server
{ {
pkgs,
inputs,
...
}: {
imports = [ imports = [
../common/minimal ../common/core
# ../common/minimal
inputs.srvos.nixosModules.mixins-terminfo
]; ];
boot.kernelPackages = pkgs.linuxPackages; # mkDefault for server boot.kernelPackages = pkgs.linuxPackages;
networking.wireless.iwd.enable = false;
} }

View file

@ -19,29 +19,38 @@ sops:
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXL3R3UWF2UjFBZXlVWmEr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRDVuSHNpQzMzb1gxaXB4
L3Nva3ZnMW9kUVN0bzhlVlE3UWRWSlRqY3lzCmp4SDlkZUdIQmFMb1UrWWk3SXBI aEs5SEpyeFdKMExIYnZMdTdIZi9JbXY2aHlzCmN5Um81VnF3TXpOcW1IbFBnTWY3
TExucEFodlZaZjFGQ3lkOWh1NFFsckUKLS0tIEZTL0QvZmVVWlVBOWtVczFaYnFl VHVQTmM3Zm5rOGx1UDhRRnBPZTZpRlEKLS0tIFV1am5VVXJiODdFT0RIQW9wNlVM
ejFYb0J0dmtSL0VURDBHZEhER0FZeEUKErLL9cf65O/YmLt0JVpdXuK2sXLh4x/O OWhuQmMrT2dId3U1RGtoamZyNElvSzAKqOOQB3oMulmSTFbiJenpucju+djFUY1t
YVv9lzzECDAMZbh2RScw5z91zWM9kB5vx17XrpcUnF4ouH+jnlOx8Q== ldHjlbYF9ywbAckqFtYXGcbDDbD5iv8ZvulyhU2d73534rspOXzyWQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHN2RPVVFlYzlyRitlS0Fn YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRitmZ0xSRmNRbTIwdjg2
SGJaR2srdExaT3V5dFd3OFFraXBlbVY0K2d3CnNRUmFkSHJuTWlUeW9haS9lQ2N2 aStiQnIzU1AyTzkxdE9UT0laQlkxNzh5RDAwClNDcitIa0FCVUxCRldyL1I4Rit1
S3JmU3FmWUtLblRoYnRwK05OY05RK0kKLS0tIGQ2d2REbkFuQnFkT1I1QnFIc1Z6 bE9MZjNlaXV6aU5UYjhEVzgrMExHNGcKLS0tIG43bE9CSTFGZG9ZSlhucVc1cWZV
TlhnYmhQWnRBWG1CeWp6bktmemNxbk0KXYImIHhtlXUS2H+Ot81zGbC/BaMkba8D T3cwdUYyQWhpM04ydTJhOWQ1NHZqTncK6kVvFDpmgT4fEv2NCerIr3y1iIfV9phv
GUJeizpBBbA6BSjeQYx1Hd/mJJ4eqbN9abnLgYhQ42i9KfWWC4Eu1w== fKHhtqeEmaon9Hp1hqBcQzB4+PuxA+AWSZ+wjffGa/aS+RsSt2FYdw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0N2FtN1UvTXQ3MXZPQVN2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMlR2WmM5cHl3SHRtZ08x
bTBCQzR1cmhhdmV5K0g4ODZySk42V09aZVE0CndxWTRVZS9Pek85VU1nK1hEYjc5 SG42bzNQSmlaQXN6RFpxSkpPcDAwbnpDMWhnCm5tZkpocWswYWF4UmYzS1dINkJ0
RnFjZEFmVytIYVBtN1IxOU1uSHVLUGcKLS0tIFB2UzlFeFJWOGJ3SFBDNENxT1FN bExOZWpNNlN0WkNXU29UY05vRFVoNUEKLS0tIGRwaUJFNkoyV2pLeDZOd3FxYnIz
MFdBdDhnbWFwTVd1aFgvUHdRZkhTV3MKIcvIbGmAMVAu5KcOi8xsjIvwAzp8etAn eWpqWU12ekl0NWRQV2lIdzRIcmYvVlUKYO7EDTdyLzDjoSgSj7/p/uwjZrw2xWgp
cXbkj9HfU/FHWv2fJNC/2Dda3AKKfDFNQJIk0MYOuyFR+JMu6Dah/g== 5474kRLJyPVjejTnnc3K1/za9Cp68tIsk/wC+bGflnXqrReNHyXq3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWxBUUVWOVZqbE5FUEt1
ekdKaXRHdTdvWnR0R1BWMHlGMk5OQ1JTb1JJCkhWTDFpUEdneUR2UW9LVjdHN3VP
UE5WUzNJTWtreDQ2VEd2ZnFSdHJ5dDAKLS0tIEdsWlNIUDB2blBYTDdNaXN0YjBi
SC9YMFk4dUNOUDJYMXErck8yTmJmZmcKp66bHZTD6VitAOfzIr8VJr02+R9f5mxH
c5n2CWurDsZsNTKk7pgxQo78ySyAG3rzvOqgK0NFesyHy9dRl8xHCQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-01T04:24:51Z" lastmodified: "2024-04-01T04:24:51Z"
mac: ENC[AES256_GCM,data:cJYaWZvPI+cWeWBNZS5omgfZ7Jq7mPIPc/wle5s4XkAb5AgvFaT17FmBRRYBVLvGvevSRponU3z6kLvLbH1HfE89zpboPc76+6vmYPkx8bY+vy8lgg5BTWPHkQZ6BeORJQLi3aiH6CNOOD7wL1dlwD+ldZOD7D9kgxTwbFPX+V8=,iv:TFe6eY+M6qsvJDv09RovOLbRfNkcU8JHR1EaJtJKKIE=,tag:dAU7eFTmJpCGt/gxrwoRkQ==,type:str] mac: ENC[AES256_GCM,data:cJYaWZvPI+cWeWBNZS5omgfZ7Jq7mPIPc/wle5s4XkAb5AgvFaT17FmBRRYBVLvGvevSRponU3z6kLvLbH1HfE89zpboPc76+6vmYPkx8bY+vy8lgg5BTWPHkQZ6BeORJQLi3aiH6CNOOD7wL1dlwD+ldZOD7D9kgxTwbFPX+V8=,iv:TFe6eY+M6qsvJDv09RovOLbRfNkcU8JHR1EaJtJKKIE=,tag:dAU7eFTmJpCGt/gxrwoRkQ==,type:str]