NASP/NixOS-Config
35
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: prepare for g17

Browse Source
This commit is contained in:
Dict Xiong 2024-06-15 11:16:13 +08:00
parent c1636dbb71
commit 072658fe87
5 changed files with 104 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@ -12,6 +12,7 @@ keys:
- &g12 age1mxqwn0gw25yaj48nkhe4nsc60l25nam0fdlaeqd8z5ft2rxhv9ksuc5fyq - &g12 age1mxqwn0gw25yaj48nkhe4nsc60l25nam0fdlaeqd8z5ft2rxhv9ksuc5fyq
- &g13 age1gucxgrgz6fadrqq0eyu5366s8946ctmsvtkw96r498gr7we4depq8pj578 - &g13 age1gucxgrgz6fadrqq0eyu5366s8946ctmsvtkw96r498gr7we4depq8pj578
- &g14 age14zehkczemky9y0gucf245zw73y4waq8w03lqakanlvjyxgwzcycqj47shq - &g14 age14zehkczemky9y0gucf245zw73y4waq8w03lqakanlvjyxgwzcycqj47shq
- &g17 age1wgl7dh762a8a9ag4rmcrjq3yu36xww254mkm6gl3zksq9jswsu3q0dq3en
creation_rules: creation_rules:
- path_regex: hosts/g1/[^/]+\.(yaml|json|env|ini)$ - path_regex: hosts/g1/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
@ -85,3 +86,9 @@ creation_rules:
- *dictxiong-pgp - *dictxiong-pgp
age: age:
- *g14 - *g14
- path_regex: hosts/g17/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *dictxiong-pgp
age:
- *g17

1
flake.nix
View File

@ -21,6 +21,7 @@
"g12" "g12"
"g13" "g13"
"g14" "g14"
"g17"
]; ];
in in
{ {

21
hosts/g17/configuration.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../modules/nasp.nix
];
nasp = {
enable = true;
gSeries = {
enable = true;
serial = 17;
eth0Name = "eno1";
eth1Name = "eno2";
eth2Name = "eno4";
};
};
networking.hostId = "c5543d16";
system.stateVersion = "24.05";
}

43
hosts/g17/hardware-configuration.nix Normal file
View File

@ -0,0 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cfb5d0ae-3de5-4b2a-b580-e92ff522d132";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9283-AF0B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/e4841a52-0280-4cbe-9cf8-34b7cb9f8b0c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

32
hosts/g17/secrets.yaml Normal file
View File

@ -0,0 +1,32 @@
telegraf: ENC[AES256_GCM,data:3rrrutnnLkh8klJaHrjdrLI+VBG9gH4XQ1w4/VYmT0eRaXHqZ5F17BZUMftTOw9JL8NW5akWI//b1ddFQDfKkZ7rw8Xazop4fl4bN3XC7OyH4bqxh1j88UMkOEM82i9dvZ29eq2FCAbECf8WlmEcQ1xtCi2XmvVwlslEnj9ZHj1Oi64bTli4EIG4bIZ+4EA9,iv:0Dcj4xB9hrIR5/w12fZGJKy/wtqd0tkgDb0QBWCFur4=,tag:xqvCbLaexzKiINJ62IpPFw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wgl7dh762a8a9ag4rmcrjq3yu36xww254mkm6gl3zksq9jswsu3q0dq3en
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVnFEZkdCeDV6ZGIzNFB3
WVF3blV2dWd3R2VVWTY3ZlBQbnRuTW9xL2pjCnJmakRhdTBHdjNNdjhzVndDeDA1
WEs3QWF3WVE0YmlJVlJKODdESTBtaTAKLS0tIGJIRU9LVUJsUXJ5WFVqS1k5QVZQ
K3dhSkErakVCRG9MalJUYm51bitlZE0Kje6z96WdbMzziLZ7B2dth6y8VUx9vxr1
HSGdzQn418WBQzLBeTh81fMmNIEactzLasYSQdTeXNmcBkE/ynzchQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T03:15:14Z"
mac: ENC[AES256_GCM,data:oDj5cDna4hMDDc4nRfads+3BlhvFURPGS0rBUr5etNZzJKUkpCzoQx67HfMucu1DNmGHebP/Mr7nFqVorpVTC38MlU7ZjsKnEf51IC8dEz9BK4kL7eK6vGIGyXiaTVpABt2+VKZxgApAutkTJv3jZbRFfm4mSVspha3qjMM1JUs=,iv:pJi+oG6dsW2Ve8ofZtLfWocWYL98TCBQz1spO9InoLg=,tag:/3CSpOwIFFJQemnyyix04w==,type:str]
pgp:
- created_at: "2024-06-15T03:14:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DLBF4i730Eg8SAQdAPeAQlvqokvyJjok4uyrmbTs6hsUSMX5p/GPh54AFEk8w
VNWogQ4ACiPfvp8McZgR+Xg1lqMotqtJZII4Ul7T/9TX+tLfrWemqCIo7cA4zvVZ
0lwB3XowqHltvNxxRktzfbuixN7POl7OUD7xb2Kqjat0Xdr4RUPbkmd5MdUldhED
lnWCH7FR+V9S3HA8XmoIpirz41za5UhTTmNND74mZVVB2iT5fvuv3CokldzQMw==
=17Xh
-----END PGP MESSAGE-----
fp: 3E241558655D7FE06C6711A5A5D6250D1806CAA8
unencrypted_suffix: _unencrypted
version: 3.8.1