diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 9b4646b..6563e90 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -78,7 +78,7 @@ jobs: - boreal - hades - hephaestus - - thanatos + - poseidon steps: - uses: actions/checkout@v4 diff --git a/flake.lock b/flake.lock index 38be2d0..fcdce90 100644 --- a/flake.lock +++ b/flake.lock @@ -41,25 +41,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1702479765, - "narHash": "sha256-wjNYsFhciYoJkZ/FBKvFj55k+vkLbu6C2qYQ7K+s8pI=", - "owner": "nix-community", - "repo": "disko", - "rev": "bd8fbc3f274288ac905bcea66bc2a5428abde458", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "disko", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1653893745, @@ -146,22 +127,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1697915759, - "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1701952659, "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", @@ -180,11 +145,10 @@ "root": { "inputs": { "agenix": "agenix", - "disko": "disko", "flake-utils": "flake-utils", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } diff --git a/flake.nix b/flake.nix index 6675c5f..7d88315 100644 --- a/flake.nix +++ b/flake.nix @@ -42,13 +42,6 @@ repo = "nixos-hardware"; ref = "master"; }; - - disko = { - type = "github"; - owner = "nix-community"; - repo = "disko"; - ref = "master"; - }; }; outputs = { @@ -56,7 +49,6 @@ nixpkgs, home-manager, agenix, - disko, ... } @ inputs: { @@ -113,6 +105,15 @@ ] ++ (nixpkgs.lib.attrValues self.nixosModules); in { + poseidon = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = + [ + ./poseidon.nix + ] + ++ sharedModules; + }; + hades = nixpkgs.lib.nixosSystem rec { inherit system; modules = @@ -142,6 +143,19 @@ ++ sharedModules; }; + zephyrus = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = + [ + ./zephyrus.nix + + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-ssd + ] + ++ sharedModules; + }; + hephaestus = nixpkgs.lib.nixosSystem rec { inherit system; modules = @@ -155,16 +169,6 @@ ] ++ sharedModules; }; - - thanatos = nixpkgs.lib.nixosSystem { - inherit system; - modules = - [ - disko.nixosModules.default - ./thanatos.nix - ] - ++ sharedModules; - }; }; } // inputs.flake-utils.lib.eachDefaultSystem (system: { diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix new file mode 100644 index 0000000..83c7069 --- /dev/null +++ b/hosts/poseidon/default.nix @@ -0,0 +1,84 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + lib, + pkgs, + ... +}: let + secrets = config.my.secrets; +in { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + + ./home.nix + ./secrets.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + boot.supportedFilesystems = ["btrfs"]; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + + networking.hostName = "poseidon"; # Define your hostname. + networking.domain = "alarsyo.net"; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = false; + networking.interfaces.eno1.ipv4.addresses = [ + { + address = "163.172.11.110"; + prefixLength = 24; + } + ]; + networking.defaultGateway = { + address = "163.172.11.1"; + interface = "eno1"; + }; + networking.nameservers = [ + "62.210.16.6" + "62.210.16.7" + ]; + my.networking.externalInterface = "eno1"; + + my.services = { + restic-backup = { + enable = true; + repo = "b2:poseidon-backup"; + passwordFile = config.age.secrets."restic-backup/poseidon-password".path; + environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path; + }; + + fail2ban = { + enable = true; + }; + + tailscale = { + enable = true; + exitNode = true; + }; + }; + + services = { + openssh.enable = true; + vnstat.enable = true; + }; + + # Takes a long while to build + documentation.nixos.enable = false; +} diff --git a/hosts/poseidon/hardware-configuration.nix b/hosts/poseidon/hardware-configuration.nix new file mode 100644 index 0000000..fd1d735 --- /dev/null +++ b/hosts/poseidon/hardware-configuration.nix @@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: let + inherit + (lib) + mkDefault + ; +in { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["ahci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989"; + fsType = "btrfs"; + options = [ + "subvol=@nixos" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a"; + fsType = "ext4"; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";} + ]; + + powerManagement.cpuFreqGovernor = mkDefault "ondemand"; +} diff --git a/hosts/thanatos/home.nix b/hosts/poseidon/home.nix similarity index 100% rename from hosts/thanatos/home.nix rename to hosts/poseidon/home.nix diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix new file mode 100644 index 0000000..238e7ea --- /dev/null +++ b/hosts/poseidon/secrets.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + "gandi/api-key" = {}; + + "lohr/shared-secret" = {}; + + "restic-backup/poseidon-credentials" = {}; + "restic-backup/poseidon-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix deleted file mode 100644 index 5a6711d..0000000 --- a/hosts/thanatos/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - lib, - pkgs, - ... -}: let - secrets = config.my.secrets; -in { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./disko-configuration.nix - ./home.nix - ./secrets.nix - ]; - - boot.loader.grub.enable = true; - boot.tmp.useTmpfs = true; - - networking.hostName = "thanatos"; # Define your hostname. - networking.domain = "lrde.epita.fr"; - - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # List services that you want to enable: - my.services = { - tailscale.enable = true; - }; - - services = { - openssh.enable = true; - }; - - virtualisation.docker.enable = true; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; -} diff --git a/hosts/thanatos/disko-configuration.nix b/hosts/thanatos/disko-configuration.nix deleted file mode 100644 index 81e9c36..0000000 --- a/hosts/thanatos/disko-configuration.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/ata-CT250MX500SSD1_2301E69A20C4"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "btrfs"; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "8G"; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/thanatos/hardware-configuration.nix b/hosts/thanatos/hardware-configuration.nix deleted file mode 100644 index 2ff30b0..0000000 --- a/hosts/thanatos/hardware-configuration.nix +++ /dev/null @@ -1,25 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix new file mode 100644 index 0000000..4e1b423 --- /dev/null +++ b/hosts/zephyrus/default.nix @@ -0,0 +1,112 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./home.nix + ./secrets.nix + ]; + + boot.kernelPackages = pkgs.linuxPackages; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.tmp.useTmpfs = true; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + + networking.hostName = "zephyrus"; # Define your hostname. + networking.domain = "alarsyo.net"; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # List services that you want to enable: + my.services = { + tailscale.enable = true; + + pipewire.enable = true; + + restic-backup = { + enable = true; + repo = "b2:zephyrus-backup"; + passwordFile = config.age.secrets."restic-backup/zephyrus-password".path; + environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path; + + timerConfig = { + OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day + }; + + paths = [ + "/home/alarsyo" + ]; + exclude = [ + "/home/alarsyo/Downloads" + + # Rust builds using half my storage capacity + "/home/alarsyo/**/target" + "/home/alarsyo/work/rust/build" + + # don't backup nixpkgs + "/home/alarsyo/work/nixpkgs" + + "/home/alarsyo/go" + + # C build crap + "*.a" + "*.o" + "*.so" + + # test vms + "*.qcow2" + + # secrets stay offline + "/home/alarsyo/**/secrets" + + # ignore all dotfiles as .config and .cache can become quite big + "/home/alarsyo/.*" + ]; + }; + }; + + virtualisation.docker.enable = true; + virtualisation.libvirtd.enable = true; + programs.dconf.enable = true; + + services = { + tlp = { + settings = { + START_CHARGE_THRESH_BAT0 = 70; + STOP_CHARGE_THRESH_BAT0 = 80; + }; + }; + fwupd.enable = true; + openssh.enable = true; + }; + my.gui.enable = true; + + services.udev.packages = [pkgs.chrysalis]; + services.udisks2.enable = true; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + settings.General.Experimental = true; + }; + + programs.light.enable = true; +} diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix new file mode 100644 index 0000000..d9e1c75 --- /dev/null +++ b/hosts/zephyrus/hardware-configuration.nix @@ -0,0 +1,70 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: let + inherit + (lib) + mkDefault + ; +in { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@" "compress=zstd" "noatime"]; + }; + + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297"; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@home" "compress=zstd" "noatime"]; + neededForBoot = true; # agenix needs my key for some root secrets + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@nix" "compress=zstd" "noatime"]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D9DA-F46C"; + fsType = "vfat"; + }; + + fileSystems."/swap" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@swap" "compress=zstd" "noatime"]; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 1024 * 8; # half of RAM size + } + ]; + + powerManagement.cpuFreqGovernor = mkDefault "powersave"; + + hardware = { + enableRedistributableFirmware = true; + cpu.intel.updateMicrocode = true; + }; +} diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix new file mode 100644 index 0000000..ab33920 --- /dev/null +++ b/hosts/zephyrus/home.nix @@ -0,0 +1,39 @@ +{ + config, + pkgs, + ... +}: { + home-manager.users.alarsyo = { + my.home.laptop.enable = true; + + # Keyboard settings & i3 settings + my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; + my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; + my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"]; + my.home.emacs.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + + home.packages = builtins.attrValues { + inherit + (pkgs) + # some websites only work there :( + + chromium + darktable + # dev + + rustup + gdb + valgrind + arandr + zotero + ; + + inherit (pkgs.packages) spot; + + inherit (pkgs.wineWowPackages) stable; + }; + }; +} diff --git a/hosts/thanatos/secrets.nix b/hosts/zephyrus/secrets.nix similarity index 77% rename from hosts/thanatos/secrets.nix rename to hosts/zephyrus/secrets.nix index 3fbc379..22afdfd 100644 --- a/hosts/thanatos/secrets.nix +++ b/hosts/zephyrus/secrets.nix @@ -13,6 +13,9 @@ // attrs; in lib.mapAttrs toSecret { + "restic-backup/zephyrus-credentials" = {}; + "restic-backup/zephyrus-password" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9c042d0..3b4229f 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -5,13 +5,14 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; - thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; + poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; + zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; - machines = [boreal hades hephaestus thanatos]; + machines = [boreal hades hephaestus poseidon zephyrus]; all = users ++ machines; in { - "gandi/api-key.age".publicKeys = [alarsyo hades]; + "gandi/api-key.age".publicKeys = [alarsyo hades poseidon]; "lohr/shared-secret.age".publicKeys = [alarsyo hades]; @@ -34,7 +35,11 @@ in { "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; + "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; + "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; + "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; + "restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus]; - "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; + "users/root-hashed-password.age".publicKeys = machines; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; } diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index 38b12ac..1e7abbe 100644 --- a/modules/secrets/users/alarsyo-hashed-password.age +++ b/modules/secrets/users/alarsyo-hashed-password.age @@ -1,16 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 YWMQkg nA65XHF5xsaW5JPGfWYLDtCq0DQQpN6FBbbnDKL23BY -JyzLfx9QXRV4jXQWvsXMEO7Y9Maf6VAQZU0QiEyA0rs --> ssh-ed25519 pX8y2g 0AuwR4Dv6bulcow+LOd6XsF/U+Ly8fQDIuHcksijCk4 -TXyxasso2OmK8RswWOk6oP7+q6iS2WTwYsy0CF07gtc --> ssh-ed25519 SYm+hA coVEtWHcu5Zc17TuVLTzWe7RiXjJ53wjjRfLidwjUgg -fx5hl1hPiRxQLHIN2mrvB9tc+xMTwqHM1DXZY75s/MA --> ssh-ed25519 6UUuZw 2bfWgdMEj+POlLejgzl3GZN1M3xt5Qoif9M2BwGV4QA -9pLL7KegernUFqbNklKDho5IRgw9VVZGaphgmcfnohQ --> ssh-ed25519 k2gHjw yxVoANLjqXRU97oymWtIEr4ZQ9OVvlRsC2Y2jsvkJWY -Q37kBzgMyWkpcLO/3FFMtmDO16/17+i57DmALUDL/kE --> >)/-grease VfMC'D<: eQJ #XT -OcrPfgaTtzKItA7HfjeBUc68U7ol1sewRCFKg0iAeSVT1jiv3/O7hkz5MbMAsuoi -D8hkNjdXn3TDBVc1OcIS2iX5xOdpvP3ePs6TgX9H ---- mAY7j62sU6rXvZu84PkvkMqZ5M139fV/RlJidRYCo9Q -Xb;\hJ #Ⱦ>3PzQ{J Xe3Q!5$|MD;KZS.XS?з1j)H[hkƫ|g= \ No newline at end of file +-> ssh-ed25519 YWMQkg edb6vOJgAg7qUtsk3wot1lDT0guqrhkVO4q647At/Xo +XlX07p/2byuBzWeR3khI/B255/4IwjiWEiOEgO6Jmzo +-> ssh-ed25519 pX8y2g yn4fQ1E54ReKViSKMjyIQWfbHlqwXmAn225hRUt2sVU +OVciEEE58TS7gkJV2kS75hL0z+mzn/I9cFYZQ9m4fCg +-> ssh-ed25519 SYm+hA 3hLgW/LWQ6ilt1hYdHsA6M4YvSkrQauES77Mk0elkG4 +41l9uzYv/6raDNSBGrbH7hULv0cYFY65SlhpuSburHs +-> ssh-ed25519 z6Eu8Q GE324833mb5ff9C+TN3SqazvwW0ZZiqBb56cs8bKjho +8Aogd9tN2sN8DSmKJUfuCifiRMKpD7Cn6CLLazQ2qjk +-> ssh-ed25519 ZQuVNA 2plMxBUBbv3ScEdXBnkvtt/qlP+dG/8+O8gHBChL8lI +1GpPm9oFARwDQfTT25isUZlGKn6BaanIQoiLDzlxzww +-> ssh-ed25519 k2gHjw JlNEYLQixP7LEb0FJu5O54pu1B72WWsml5ELNcFESEc +r8QUuLhEEFyst0JeWd1jahkrcMV/b9KGHj8PSZUZJ10 +-> _a@Yy?HU-grease /wJ2a` WIyE6 ewMVR h,D)T +wAOK28XvNSpz +--- hlIXSQ9X6OM5/uPv+3PMfkuIfiKWpkbdWNHed+q/Hr8 +{gh1Å\PyЯ@sHq8Jxw<翕kVħ T(N.;/)DWz{uNl%vކ50K0ͩnn8\kJOC7oً4cї \ No newline at end of file diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age index 0988a49..b373fa4 100644 Binary files a/modules/secrets/users/root-hashed-password.age and b/modules/secrets/users/root-hashed-password.age differ diff --git a/thanatos.nix b/poseidon.nix similarity index 88% rename from thanatos.nix rename to poseidon.nix index e0c2c2d..ecb36c6 100644 --- a/thanatos.nix +++ b/poseidon.nix @@ -10,7 +10,7 @@ ./services # Host-specific config - ./hosts/thanatos + ./hosts/poseidon ]; # This value determines the NixOS release from which the default @@ -19,5 +19,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/zephyrus.nix b/zephyrus.nix new file mode 100644 index 0000000..e818e48 --- /dev/null +++ b/zephyrus.nix @@ -0,0 +1,23 @@ +{...}: { + imports = [ + # Default configuration + ./base + + # Module definitions + ./modules + + # Service definitions + ./services + + # Host-specific config + ./hosts/zephyrus + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? +}