https://git.jolheiser.com/infra.git
dragonwell flake
peach Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQCB4aHVhgZJXVS4//OGC7XOwl44Tgy0LmFoSq2+0hLZ2yroByYCPs/XNtKymujY57o J1vTjL2WpvHJiGFZiHFAU= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
1 week ago
8 changed files, 189 additions(+), 25 deletions(-)
flake.nixpeach/default.nixpeach/hardware.nixsecrets/beanboy.agesecrets/beszel-dragonwell.agesecrets/beszel-gunpowder.agesecrets/beszel-jasmine.agesecrets/beszel-shincha.agesecrets/cifs.agesecrets/forge-lines.agesecrets/horcrux.agesecrets/mealie.agesecrets/mint.agesecrets/pds.agesecrets/pocket-id.agesecrets/restic-env.agesecrets/restic-pass.agesecrets/restic-repo.agesecrets/secrets.nix
M flake.nix -> flake.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
diff --git a/flake.nix b/flake.nix
index da62d063bcc5a3b86d9bc6a84d8368bcd6a35649..5707830e70063d7a64a9240db74d44abeaf65d35 100644
--- a/flake.nix
+++ b/flake.nix
@@ -111,6 +111,10 @@               ./shincha
             ];
             services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
           };
+        peach.imports = [
+          inputs.agenix.nixosModules.default
+          ./peach
+        ];
       };
       nixConfig = {
         extra-substitutors = [ "https://jolheiser.cachix.org" ];
I peach/default.nix
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
diff --git a/peach/default.nix b/peach/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..01e65c327c04506b13ec9021cde7e6fae4ad9fec
--- /dev/null
+++ b/peach/default.nix
@@ -0,0 +1,98 @@
+{ pkgs, config, ... }:
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  boot = {
+    tmp.cleanOnBoot = true;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+  zramSwap.enable = true;
+
+  networking = {
+    hostName = "peach";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        80
+        443
+      ];
+    };
+  };
+
+  time.timeZone = "America/Chicago";
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "en_US.UTF-8";
+      LC_IDENTIFICATION = "en_US.UTF-8";
+      LC_MEASUREMENT = "en_US.UTF-8";
+      LC_MONETARY = "en_US.UTF-8";
+      LC_NAME = "en_US.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
+      LC_PAPER = "en_US.UTF-8";
+      LC_TELEPHONE = "en_US.UTF-8";
+      LC_TIME = "en_US.UTF-8";
+    };
+  };
+
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+
+  services = {
+    openssh.enable = true;
+    tailscale.enable = true;
+    fail2ban.enable = true;
+    xserver = {
+      enable = true;
+      displayManager = {
+        lightdm.enable = true;
+        autoLogin = {
+          enable = true;
+          user = "beanboy";
+        };
+      };
+      desktopManager.cinnamon.enable = true;
+      layout = "us";
+      xkbVariant = "";
+    };
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+  };
+
+  age.secrets.beanboy.file = ../secrets/beanboy.age;
+  users.users = {
+    "beanboy" = {
+      isNormalUser = true;
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+      ];
+      hashedPasswordFile = config.age.secrets.beanboy.path;
+      packages = with pkgs; [
+        prismlauncher
+      ];
+    };
+    "root".openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+uhnfFLhlyfGGsksSxh5IIY6gnIMryeQ2EiM979kZa"
+    ];
+  };
+
+  nix = {
+    gc = {
+      automatic = true;
+      randomizedDelaySec = "15m";
+    };
+    optimise.automatic = true;
+  };
+
+  system.stateVersion = "22.11";
+}
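Review bot: `openssh.enable = true` in the `services` block leaves sshd at its defaults, so password authentication stays on and the NixOS module opens port 22 in the firewall, while `beanboy` is a password-bearing member of `wheel`. `fail2ban` only slows guessing; since `root` already has an authorized key, the block could add `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.KbdInteractiveAuthentication = false;`. If SSH is meant to be reached only over Tailscale (an assumption, the page does not say), `openssh.openFirewall = false;` would keep it off the other interfaces. Separately, `autoLogin` targets the same `wheel` user, so dropping `wheel` from `extraGroups` is worth considering if `beanboy` is only the desktop account. A short comment on `allowedTCPPorts` would also help, since nothing in this file listens on 80 or 443.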
I peach/hardware.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
diff --git a/peach/hardware.nix b/peach/hardware.nix
new file mode 100644
index 0000000000000000000000000000000000000000..41b83f999687ebfccd2fdcbf00f1534fd549cbcc
--- /dev/null
+++ b/peach/hardware.nix
@@ -0,0 +1,54 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+    "sr_mod"
+    "rtsx_usb_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/88901304-b017-4659-bad6-30bafb3445df";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/EEC4-C5A5";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/c1551c4d-9b9e-4cc7-b30e-817b6979d010"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
I secrets/beanboy.age
1
2
3
4
diff --git a/secrets/beanboy.age b/secrets/beanboy.age
new file mode 100644
index 0000000000000000000000000000000000000000..db06b554fd6f0b83b7d14a4737137588cc9ce784
Binary files /dev/null and b/secrets/beanboy.age differ
M secrets/beszel-dragonwell.age -> secrets/beszel-dragonwell.age
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
diff --git a/secrets/beszel-dragonwell.age b/secrets/beszel-dragonwell.age
index 7706f094e23afe53b7a12d828443cfb91d32cc57..f944c72001589461d583b7ae06758ac83ba16277 100644
--- a/secrets/beszel-dragonwell.age
+++ b/secrets/beszel-dragonwell.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 E8j6/g FULGDIRTOpsdr5BQRHJBtbarmLmG7u1pyVKuPugvShE
-XaNCPPCHxPtCiquUdlAZczFlJoYvJVEbAOmsifPKg40
--> ssh-ed25519 f31uNA 9UeFA3rkqduVCRekz9v1uSpx3Q1RmQKm/BbHxIlhumk
-Pp7x9xqH9xCqvaIwjhZkXzt/qlvnunwOeTDwJogkGHs
---- yQpM58nlvx1oEhG4bHfIMMBBD86qWNOIEVTeGQbs/oc
-�j��?��-�j=�kI\.��e�3���%�u2aBRՑ���U��P�����ΐ�����]�� �'��L!�^�S�j���D���b�wː��q"V~���=�v���ڹ�[�!
\ No newline at end of file
+-> ssh-ed25519 E8j6/g +swrLy8qbsI5oN1aHW8SrENIzPDaML/a02CAVGLsVxw
+DAHcozFyYjPLoCni+q6Pbf+kvlfKP6z/fWjFR2Vr1LA
+-> ssh-ed25519 f31uNA vx2Jkf9HnN9z9Ca8B0LJ4eZ0u/neU3iuXFmC4PnvRTI
+yBmLKhrUpW6IRUMoTXa4nryqEz5vutYDBcH3RQlUJq0
+--- JtWh3Ec40mDrQYdZI+Q3bIs6Fm6r9IrLwR1dtnWDFpE
+���	U�4�ow�od��S�L��x��5YY���օ��G�5�t�;.æ�3�&U�,4��_�� ����6��2zD���e�0��N�P��ޡ
)N�f?En)-,�,|�j�.j���mf�sT[
\ No newline at end of file
M secrets/beszel-gunpowder.age -> secrets/beszel-gunpowder.age
1
2
3
diff --git a/secrets/beszel-gunpowder.age b/secrets/beszel-gunpowder.age
index 342f510a49907881a399ae1ebea9c9c712595aff..018130e2080e0858c61df90a30c0815bed5fb3eb 100644
Binary files a/secrets/beszel-gunpowder.age and b/secrets/beszel-gunpowder.age differ
M secrets/beszel-jasmine.age -> secrets/beszel-jasmine.age
1
2
3
diff --git a/secrets/beszel-jasmine.age b/secrets/beszel-jasmine.age
index 1b3058823d78136e8eef9cf44f6d76fa08c1008b..ad9e13621a3334696dcad8d0f82d32c8861fb2f4 100644
Binary files a/secrets/beszel-jasmine.age and b/secrets/beszel-jasmine.age differ
M secrets/beszel-shincha.age -> secrets/beszel-shincha.age
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
diff --git a/secrets/beszel-shincha.age b/secrets/beszel-shincha.age
index 59b761c44f1b98308e5bcfc45273281ae2450054..440418c30347fbd8c81c16780407c0e7e361f8be 100644
--- a/secrets/beszel-shincha.age
+++ b/secrets/beszel-shincha.age
@@ -1,7 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 E8j6/g ELjIQSmsbz0PK7s9RcL4vTaOBbUrpH9EGAXN998n9RY
-JegzXcs//6TJ9tKXDKiP/blc+J0EhWJlXKju/p3bKcU
--> ssh-ed25519 Wq7dJg aBTNYwpqMV3tf9adr//rnwY0ehXhNd7PICsR6uOagzk
-wwvEAHmBzKL3iqeBJuMDf60vaKvuSdt1cLvTVlG0OMI
---- haqhC+ktwsqN/M9FvI16J+V5a7aczQVPuQ0Z0ROXJl0
-+���㤽���z�X�نC��������K�����z��j�|+�t��$g~���+�[�bݸ�"��+��63�1_D�����2�Zv�����%vޢ�mKw��W�n��y�
\ No newline at end of file
+-> ssh-ed25519 E8j6/g WYjBtC4VjyYtTq/YCCRwl0jTq+brsvW8daocL7wgmxo
+fGel/TatjSio1GDKoAmx4W46Wsi5hBhRYnC223plJjQ
+-> ssh-ed25519 Wq7dJg wBo+LuY6d57B/x9PseqE2vsbvnppkpA2etEl/jgYhyw
+mijrmqEYGxQ6U4RtiAE0cJjrzO3VIoYV2kChPlIE9P8
+--- U2mCUsQSaVkd9ubyEKGmQpy1a6c10IbEdqIgwEolh7I
+g6I<�ܶ��'g�"�pc0rՏ�:�����hq�B���c���jI����O�Ҏ�f7�8��'
+���`��X��-�������ɢ%/c��X6L����q	��!UEy�&���2
\ No newline at end of file
M secrets/cifs.age -> secrets/cifs.age
1
2
3
diff --git a/secrets/cifs.age b/secrets/cifs.age
index 16bb4acf61016bcc51fab122f5600c818261c071..de888cfc27b9a3366c732f8caf073987168f58d0 100644
Binary files a/secrets/cifs.age and b/secrets/cifs.age differ
M secrets/forge-lines.age -> secrets/forge-lines.age
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
diff --git a/secrets/forge-lines.age b/secrets/forge-lines.age
index 8730fca21b7a4978c1f49fd034f15b99f5b8a172..a7848767e8af2164d5f8cd49186e9839b8d02c5b 100644
--- a/secrets/forge-lines.age
+++ b/secrets/forge-lines.age
@@ -1,8 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 E8j6/g MOue2FWi5KIuH/YezYHaC2BhTLJyAm++9wcBfiOD21w
-wzLYn3if+zWfDLmtC5x7rc8y0wTHs/ndXA+nIiDPNe0
--> ssh-ed25519 f31uNA pUzaDSPDHD+G1hxXcEEFdWEr8pL8TnaSSxJWJaTLWiI
-nQhS0G4ZpBPzbFDsNm/73UEyTWtjd+ovhHtM8T9qxXs
---- HiupunEhBca/FwNXRI3dXpNoSr/UtsIkCiHYvUi0Z5o
-�I������"��5�R`q��4��c5�/���'$�_�z�?y���3�����NĬĐ���wO��<�?
-�5~P�Jaѓv�w����$��Z.(�������r�
\ No newline at end of file
+-> ssh-ed25519 E8j6/g d159n6EiXqVDqO8Axpg6NsQe1hUPy3qjLw1ujaMx4wY
+WPSwHaPu0gkXHAW9Ggmxaa2Hg5Ydp7p7MshArJujB1c
+-> ssh-ed25519 f31uNA KjA6NTuhGdJNklw6v8JXcejyOS9PF09CJ5UauO4rIzE
+up7TQB9QFbaAVtTVK5ZDu2RiJWYSX1JGyA7jhrV6y44
+--- IO6+bCezajDhP9MApAfwK7qHQk6j2g108w/vgPvjSU4
+�(���v;i��)��S��0Zw�ˍGlzǭ����r�l��:W���xt�=����%y־��S������OH>l%
�2��\��W�
+�$��G��(����4
\ No newline at end of file
M secrets/horcrux.age -> secrets/horcrux.age
1
2
3
diff --git a/secrets/horcrux.age b/secrets/horcrux.age
index f5682b987c8965ed0b1c196294a2eb51e9101330..a6262f23d21e94b9a3fd0ec4173f2634175bd141 100644
Binary files a/secrets/horcrux.age and b/secrets/horcrux.age differ
M secrets/mealie.age -> secrets/mealie.age
1
2
3
diff --git a/secrets/mealie.age b/secrets/mealie.age
index dcd57166cae09dde45239e274927e4690829f145..6d2759f472f7d0f5ff264597e3bcf25bea93aea6 100644
Binary files a/secrets/mealie.age and b/secrets/mealie.age differ
M secrets/mint.age -> secrets/mint.age
1
2
3
diff --git a/secrets/mint.age b/secrets/mint.age
index 021fc7a5a17911feeafae493fd4f5f37ceb3f864..f71b57b0c578745a16b8bd97b422adb033ae2607 100644
Binary files a/secrets/mint.age and b/secrets/mint.age differ
M secrets/pds.age -> secrets/pds.age
1
2
3
diff --git a/secrets/pds.age b/secrets/pds.age
index 8e37d4edbfb04fa947829e5e8516c6ad162edc64..4e89a7e07ff1a35c94ed60d3418706253cc31b7d 100644
Binary files a/secrets/pds.age and b/secrets/pds.age differ
M secrets/pocket-id.age -> secrets/pocket-id.age
1
2
3
diff --git a/secrets/pocket-id.age b/secrets/pocket-id.age
index 5dfffbb6bef72851892640e8884a312cc344f828..318784e282e82f32fbe091cf1f7f7e95a5001b46 100644
Binary files a/secrets/pocket-id.age and b/secrets/pocket-id.age differ
M secrets/restic-env.age -> secrets/restic-env.age
1
2
3
diff --git a/secrets/restic-env.age b/secrets/restic-env.age
index 87a10f7fd00877ecccd4adb80158ee8c942c00ab..97d32e031097ba79453c5136e93abc42acd1e9d9 100644
Binary files a/secrets/restic-env.age and b/secrets/restic-env.age differ
M secrets/restic-pass.age -> secrets/restic-pass.age
1
2
3
diff --git a/secrets/restic-pass.age b/secrets/restic-pass.age
index 21a8378a9894e93d41126d610c00a03ccddb5a1f..767b375ed34369212ccff4b31495c30d0cc46642 100644
Binary files a/secrets/restic-pass.age and b/secrets/restic-pass.age differ
M secrets/restic-repo.age -> secrets/restic-repo.age
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
diff --git a/secrets/restic-repo.age b/secrets/restic-repo.age
index 756ef95a5d2944e4f3c2314b7f32e5af3198f61e..db47d66966b7712ea442c1e49f8a1f2b5b38b3a4 100644
--- a/secrets/restic-repo.age
+++ b/secrets/restic-repo.age
@@ -1,7 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 E8j6/g KkmTmjrxjGcfGrUdNM2/QCI81heVgv6nj0LynHz7PEw
-SKj0FV/SHogJZWrilxGyDOUrCfvB9Vs+UkCYj0ijetY
--> ssh-ed25519 f31uNA O2x7fnci0jo6yEleV69RXcA04V1V2WNFgQska83VqhQ
-/bpn6h0x9/Zzc1yuCqd0wy2JYJAAQZvZSy429JPTcb8
---- a1Z9wg9rIkAj8JsAUthmbMASiLFuwonKJKDrb5YQPfE
-7J����eaK��x��4��1:��1낻D�!ѓЎ@Y ��miJ�=�ur�F�DS�!S��f��;�o^Uq�?�$5�Y�x:F�-lJE��}y�
\ No newline at end of file
+-> ssh-ed25519 E8j6/g jN7IS4tY/K8FzYxykNsLZquHG+q8eH4lJyH0KkKCry0
+tz0o+QpMpiBOLXIgyyZIqXWLO1XVu1kIYYKeIw6efKw
+-> ssh-ed25519 f31uNA ECXdXmETbNE39IUVtV8Br+RJ1fjJwz9M3M54eqeBrg8
+3Idhaybap5hcoFnpDknz46MM1D0rR+WYf66dJ0GCmGg
+--- DZ4qcxoUIkDdpDpd+Km9pBFrMui462IP0mrc0dGM0Dw
+���S���&xr�ؿ�]^䟖���'ܧ5
+��j�Ɍ��lɍlq�XJ\��{��Ԍ�ʸ�yx�K\䙹X>�Tee������,����7�ᨄS�
\ No newline at end of file
M secrets/secrets.nix -> secrets/secrets.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4817b99f97eb1491cb354baf667e54573de0653d..354ead0d1c8d2df1cf51935d29b2be6df06e4808 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -4,6 +4,7 @@   dragonwell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN32Cwxer2AOGvEqSqXSPp49gj1VtR7G2XmPnmXj6o53";
   shincha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBikiSP5UIoHgjZejxSt/ce2FxnYk9VGDW+h12QvefJ3";
   jasmine = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4koC93ixwkFzMK+kYLk2A6+xn6xprzkk49k+avRZkn";
   gunpowder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZxjkZLj/9xvmg1enK+B7k8qf6Px0j4kTZ2caQfYmB1";
+  peach = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMD+rBcwnOnY2SPVAcHmfHgYwNCaG+PcuP+Zb/CgRA3N";
 
   dragonwellKeys = [
     jolheiser
@@ -21,6 +22,10 @@   gunpowderKeys = [
     jolheiser
     gunpowder
   ];
+  peachKeys = [
+    jolheiser
+    peach
+  ];
 
 in
 {
@@ -38,4 +43,5 @@   "pds.age".publicKeys = dragonwellKeys;
   "horcrux.age".publicKeys = dragonwellKeys;
   "mint.age".publicKeys = dragonwellKeys;
   "cifs.age".publicKeys = jasmineKeys;
+  "beanboy.age".publicKeys = peachKeys;
 }