From 959af7690db7761cf49ce8c6285520a087d42007 Mon Sep 17 00:00:00 2001 From: Thiago Sposito Date: Fri, 17 Oct 2025 18:13:29 -0300 Subject: [PATCH] feat: nixcloud config --- flake.lock | 18 ++--- flake.nix | 17 ++++- hosts/Nixcloud/default.nix | 74 +++++++------------ .../{nixos => }/hardware-configuration.nix | 4 +- hosts/Nixcloud/networking.nix | 54 ++++++++++++++ hosts/Nixcloud/nixos/configuration.nix | 15 ---- hosts/Nixcloud/nixos/networking.nix | 35 --------- hosts/common/users/nimbus/default.nix | 44 ----------- pubkeys/n3k0.pub | 1 + pubkeys/n3k1.pub | 1 + pubkeys/nixbook.pub | 1 + pubkeys/nixstation.pub | 1 + 12 files changed, 113 insertions(+), 152 deletions(-) rename hosts/Nixcloud/{nixos => }/hardware-configuration.nix (88%) create mode 100644 hosts/Nixcloud/networking.nix delete mode 100644 hosts/Nixcloud/nixos/configuration.nix delete mode 100644 hosts/Nixcloud/nixos/networking.nix delete mode 100644 hosts/common/users/nimbus/default.nix create mode 100644 pubkeys/n3k0.pub create mode 100644 pubkeys/n3k1.pub create mode 100644 pubkeys/nixbook.pub create mode 100644 pubkeys/nixstation.pub diff --git a/flake.lock b/flake.lock index a7acc72..f57f1c7 100644 --- a/flake.lock +++ b/flake.lock @@ -199,17 +199,17 @@ ] }, "locked": { - "lastModified": 1759635238, - "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=", - "ref": "refs/heads/master", - "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133", - "revCount": 1047, - "type": "git", - "url": "https://git.sr.ht/~sposito/sops-nix" + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "type": "github" }, "original": { - "type": "git", - "url": "https://git.sr.ht/~sposito/sops-nix" + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } }, "systems": { diff --git a/flake.nix b/flake.nix index 9b15621..6c03276 100644 --- a/flake.nix +++ b/flake.nix 
@@ -17,7 +17,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; sops-nix = { - url = "git+https://git.sr.ht/~sposito/sops-nix"; + url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; secrets = { @@ -48,6 +48,7 @@ ./hosts/Nixbook ]; }; + Nixstation = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; @@ -57,6 +58,16 @@ ./hosts/Nixstation ]; }; + + Nixcloud = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs; + allowUnfree = false; + }; + modules = [ + ./hosts/Nixcloud + ]; + }; }; homeConfigurations = { @@ -96,6 +107,10 @@ name = "nixstation"; path = self.nixosConfigurations.Nixstation.config.system.build.toplevel; } + { + name = "nixcloud"; + path = self.nixosConfigurations.Nixcloud.config.system.build.toplevel; + } { name = "hm-nixbook"; path = self.homeConfigurations."thiago@Nixbook".activationPackage; diff --git a/hosts/Nixcloud/default.nix b/hosts/Nixcloud/default.nix index e7ae5e5..e2670e3 100644 --- a/hosts/Nixcloud/default.nix +++ b/hosts/Nixcloud/default.nix 
@@ -6,20 +6,35 @@ ... }: { - imports = [ ./users/nimbus/default.nix ]; - - boot.loader.systemd-boot.enable = true; - - nixpkgs.overlays = [ - (final: prev: { - libnitrokey = prev.libnitrokey.overrideAttrs (old: { - cmakeFlags = (old.cmakeFlags or [ ]) ++ [ - "-DCMAKE_POLICY_VERSION_MINIMUM=3.5" - ]; - }); - }) + imports = [ + ./hardware-configuration.nix + ./networking.nix ]; + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + networking.hostName = "srv1065175"; + networking.domain = "hstgr.cloud"; + services.openssh.enable = true; + users.users = { + root.openssh.authorizedKeys.keyFiles = [ + (builtins.fetchurl { + url = "https://meta.sr.ht/~sposito.keys"; + name = "sposito-srht-keys"; + sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc"; + }) + ]; + nimbus.openssh.authorizedKeys.keys = [ + (builtins.fetchurl { + url = "https://meta.sr.ht/~sposito.keys"; + name = "sposito-srht-keys"; + sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc"; + }) + ]; + }; + + system.stateVersion = "23.11"; + environment = { shells = with pkgs; [ bash ]; etc = lib.mapAttrs' (name: value: { @@ -27,23 +42,7 @@ value.source = value.flake; }) config.nix.registry; systemPackages = with pkgs; [ - ccid - exfat - file - fuse3 - gcsfuse git - gnupg - libnitrokey - libusb1 - nix-ld - opensc - pciutils - pcsc-safenet - pcsclite - pcsctools - pkcs11helper - rclone sops wget ]; @@ -63,7 +62,6 @@ }; }; - nixpkgs.config.allowUnfree = true; programs = { gnupg = { agent = { @@ -72,24 +70,6 @@ pinentryPackage = pkgs.pinentry-tty; }; }; - nix-ld = { - enable = true; - libraries = with pkgs; [ - glibc - zlib - ]; - }; }; - services = { - pcscd.enable = true; - # xserver.displayManager.sessionCommands = - # "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'"; - - udev.packages = [ - pkgs.nitrokey-udev-rules - ]; - }; - users.groups.scard = { }; - time.timeZone = "America/Sao_Paulo"; } 
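Review bot: `nimbus.openssh.authorizedKeys.keys` is handed the result of `builtins.fetchurl`, which evaluates to a store path rather than key material, so the authorized_keys generated for nimbus would contain a path line that sshd ignores; use the same form as the root entry directly above, `nimbus.openssh.authorizedKeys.keyFiles = [ (builtins.fetchurl { ... }) ];`, and put the duplicated fetchurl in a `let` binding so the two users cannot drift. The nimbus user was declared in hosts/common/users/nimbus/default.nix, which this commit deletes together with the `./users/nimbus/default.nix` import, so unless nimbus is defined in another module the `users.users.nimbus` entry here carries neither `isNormalUser` nor `isSystemUser` and evaluation should fail the NixOS assertion that exactly one of them is set. Since sshd is enabled on a host with public addresses (networking.nix in this commit) and NixOS leaves password authentication on by default, adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to `services.openssh.enable` would make key-only access explicit. The pubkeys/*.pub files added in this commit are not referenced anywhere; pointing `keyFiles` at them (for example `../../pubkeys/nixbook.pub`) would keep the trust anchor in the reviewed repository and avoid a network fetch at evaluation time. The enclosing top-level attribute set continues past this hunk.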
diff --git a/hosts/Nixcloud/nixos/hardware-configuration.nix b/hosts/Nixcloud/hardware-configuration.nix similarity index 88% rename from hosts/Nixcloud/nixos/hardware-configuration.nix rename to hosts/Nixcloud/hardware-configuration.nix index 5e7b44e..c0db864 100644 --- a/hosts/Nixcloud/nixos/hardware-configuration.nix +++ b/hosts/Nixcloud/hardware-configuration.nix @@ -1,9 +1,11 @@ { modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + boot.loader.grub.device = "/dev/sda"; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - } diff --git a/hosts/Nixcloud/networking.nix b/hosts/Nixcloud/networking.nix new file mode 100644 index 0000000..82cf395 --- /dev/null +++ b/hosts/Nixcloud/networking.nix @@ -0,0 +1,54 @@ +{ lib, ... }: +{ + networking = { + nameservers = [ + "45.143.83.10" + "1.1.1.1" + "8.8.4.4" + ]; + defaultGateway = "72.61.129.254"; + defaultGateway6 = { + address = "2a02:4780:66::1"; + interface = "eth0"; + }; + dhcpcd.enable = false; + usePredictableInterfaceNames = lib.mkForce false; + interfaces = { + eth0 = { + ipv4.addresses = [ + { + address = "72.61.129.56"; + prefixLength = 24; + } + ]; + ipv6.addresses = [ + { + address = "2a02:4780:66:9ac0::1"; + prefixLength = 48; + } + { + address = "fe80::9ce8:d4ff:feb5:50d7"; + prefixLength = 64; + } + ]; + ipv4.routes = [ + { + address = "72.61.129.254"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "2a02:4780:66::1"; + prefixLength = 128; + } + ]; + }; + + }; + }; + services.udev.extraRules = '' + ATTR{address}=="9e:e8:d4:b5:50:d7", NAME="eth0" + + ''; +} diff --git a/hosts/Nixcloud/nixos/configuration.nix b/hosts/Nixcloud/nixos/configuration.nix deleted file mode 100644 index 0a9232b..0000000 --- a/hosts/Nixcloud/nixos/configuration.nix +++ /dev/null 
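Review bot: The new `boot.loader.grub.device = "/dev/sda";`, like the existing `fileSystems."/".device = "/dev/sda1";` beside it, addresses the disk by kernel enumeration name, which can change after a kernel update or when the provider attaches a second volume, leaving the system unbootable. The output nixos-generate-config normally produces uses stable paths, so `device = "/dev/disk/by-uuid/<ROOT-FS-UUID>";` for the filesystem (UUID read from the VM, placeholder here) and a `/dev/disk/by-id/...` path for grub would be the safer form. Dropping `boot.loader.systemd-boot.enable = true` in default.nix in the same commit is consistent with this BIOS/grub install, so only one loader is configured now; `nixpkgs.hostPlatform` set here also matches the `nixosSystem` call in flake.nix, which passes no `system`.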
@@ -1,15 +0,0 @@
-{ ... }: {
- imports = [
- ./hardware-configuration.nix
- ./networking.nix # generated at runtime by nixos-infect
-
- ];
-
- boot.tmp.cleanOnBoot = true;
- zramSwap.enable = true;
- networking.hostName = "srv1065175";
- networking.domain = "hstgr.cloud";
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1 n3k0'' '''' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook'' ];
- system.stateVersion = "23.11";
-}
diff --git a/hosts/Nixcloud/nixos/networking.nix b/hosts/Nixcloud/nixos/networking.nix
deleted file mode 100644
index 30f9f61..0000000
--- a/hosts/Nixcloud/nixos/networking.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, ... }: {
- # This file was populated at runtime with the networking
- # details gathered from the active system.
- networking = {
- nameservers = [ "45.143.83.10"
- "1.1.1.1"
- "8.8.4.4"
- ];
- defaultGateway = "72.61.129.254";
- defaultGateway6 = {
- address = "2a02:4780:66::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4.addresses = [
- { address="72.61.129.56"; prefixLength=24; }
- ];
- ipv6.addresses = [
- { address="2a02:4780:66:9ac0::1"; prefixLength=48; }
-{ address="fe80::9ce8:d4ff:feb5:50d7"; prefixLength=64; }
- ];
- ipv4.routes = [ { address = "72.61.129.254"; prefixLength = 32; } ];
- ipv6.routes = [ { address = "2a02:4780:66::1"; prefixLength = 128; } ];
- };
-
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="9e:e8:d4:b5:50:d7", NAME="eth0"
-
- '';
-}
diff --git a/hosts/common/users/nimbus/default.nix b/hosts/common/users/nimbus/default.nix
deleted file mode 100644
index 00d969f..0000000
--- a/hosts/common/users/nimbus/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ pkgs, config, ... }:
-let
- ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in
-{
- users.users.nimbus = {
-
- isNormalUser = true;
- initialPassword = "changeme";
- extraGroups = [
- "fuse"
- "networkmanager"
- "scard"
- "wheel"
- ]
- ++ ifTheyExist [
- "docker"
- "git"
- "i2c"
- "kvm"
- "libvirt"
- "libvirtd"
- "photos"
- "scanner"
- "video"
- "wireshark"
- ];
- openssh.authorizedKeys.keyFiles = [
- (builtins.fetchurl {
- url = "https://meta.sr.ht/~sposito.keys";
- name = "sposito-srht-keys";
- sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc";
- })
- ];
-
- packages = with pkgs; [
- git
- podman
- podman-compose
- nginx
- ];
- };
-
-}
diff --git a/pubkeys/n3k0.pub b/pubkeys/n3k0.pub
new file mode 100644
index 0000000..9adb8d7
--- /dev/null
+++ b/pubkeys/n3k0.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1 n3k0
\ No newline at end of file
diff --git a/pubkeys/n3k1.pub b/pubkeys/n3k1.pub
new file mode 100644
index 0000000..c01d74b
--- /dev/null
+++ b/pubkeys/n3k1.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCIjzAEFn4nlJhYBk5k8ASRPj4g0WRz7NiQSe3MsNLQ8i5Trp6EeyNYvQiQMXD/mJdMTDOH05QdwLSEVN9b2R/hCi/lXjj6I7oOnLPwb9hM6t/dCrMoHqVTYz3/nTM8UX0xzceEUnse7cMifRInpdE1zm6zROCkrlpnGNhR35+om+Ou5lPjuswm1+L9nbFGuOAuDPFwShQlgW+M1qA9W2jkalTnOhkQpz+iq7pXEwxwNgZNnzFrvBbmiRrBEwZNGJJhZJPMSxylcjoWjkWky4NDtkGV93ce7kce1QKeTFTITutZCXqused+axCOKY+O713Ae+r50Esi/+WN9UEk0F5B openpgp:0x37A2701D
diff --git a/pubkeys/nixbook.pub b/pubkeys/nixbook.pub
new file mode 100644
index 0000000..08a9596
--- /dev/null
+++ b/pubkeys/nixbook.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook
\ No newline at end of file
diff --git a/pubkeys/nixstation.pub b/pubkeys/nixstation.pub
new file mode 100644
index 0000000..279d8be
--- /dev/null
+++ b/pubkeys/nixstation.pub
@@ -0,0 +1 @@
+ssh-rsa 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 thiago@sposito.ch
\ No newline at end of file