feat: nixcloud config

flake.lock

@@ -199,17 +199,17 @@
         ]
       },
       "locked": {
-        "lastModified": 1759635238,
-        "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
-        "ref": "refs/heads/master",
-        "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
-        "revCount": 1047,
-        "type": "git",
-        "url": "https://git.sr.ht/~sposito/sops-nix"
+        "lastModified": 1760393368,
+        "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437",
+        "type": "github"
       },
       "original": {
-        "type": "git",
-        "url": "https://git.sr.ht/~sposito/sops-nix"
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     },
     "systems": {

flake.nix

@@ -17,7 +17,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     sops-nix = {
-      url = "git+https://git.sr.ht/~sposito/sops-nix";
+      url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     secrets = {
@@ -48,6 +48,7 @@
             ./hosts/Nixbook
           ];
         };
+        
         Nixstation = nixpkgs.lib.nixosSystem {
           specialArgs = {
             inherit inputs outputs;
@@ -57,6 +58,16 @@
             ./hosts/Nixstation
           ];
         };
+
+        Nixcloud = nixpkgs.lib.nixosSystem {
+          specialArgs = {
+            inherit inputs outputs;
+            allowUnfree = false;
+          };
+          modules = [
+            ./hosts/Nixcloud
+          ];
+        };
       };
 
       homeConfigurations = {
@@ -96,6 +107,10 @@
           name = "nixstation";
           path = self.nixosConfigurations.Nixstation.config.system.build.toplevel;
         }
+        {
+          name = "nixcloud";
+          path = self.nixosConfigurations.Nixcloud.config.system.build.toplevel;
+        }
         {
           name = "hm-nixbook";
           path = self.homeConfigurations."thiago@Nixbook".activationPackage;

hosts/Nixcloud/default.nix

@@ -6,19 +6,34 @@
   ...
 }:
 {
-  imports = [ ./users/nimbus/default.nix ];
-
-  boot.loader.systemd-boot.enable = true;
-
-  nixpkgs.overlays = [
-    (final: prev: {
-      libnitrokey = prev.libnitrokey.overrideAttrs (old: {
-        cmakeFlags = (old.cmakeFlags or [ ]) ++ [
-          "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix
   ];
-      });
+
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  networking.hostName = "srv1065175";
+  networking.domain = "hstgr.cloud";
+  services.openssh.enable = true;
+  users.users = {
+    root.openssh.authorizedKeys.keyFiles = [
+      (builtins.fetchurl {
+        url = "https://meta.sr.ht/~sposito.keys";
+        name = "sposito-srht-keys";
+        sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc";
       })
     ];
+    nimbus.openssh.authorizedKeys.keys = [
+      (builtins.fetchurl {
+        url = "https://meta.sr.ht/~sposito.keys";
+        name = "sposito-srht-keys";
+        sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc";
+      })
+    ];
+  };
+
+  system.stateVersion = "23.11";
 
   environment = {
     shells = with pkgs; [ bash ];
@@ -27,23 +42,7 @@
       value.source = value.flake;
     }) config.nix.registry;
     systemPackages = with pkgs; [
-      ccid
-      exfat
-      file
-      fuse3
-      gcsfuse
       git
-      gnupg
-      libnitrokey
-      libusb1
-      nix-ld
-      opensc
-      pciutils
-      pcsc-safenet
-      pcsclite
-      pcsctools
-      pkcs11helper
-      rclone
       sops
       wget
     ];
@@ -63,7 +62,6 @@
     };
   };
 
-  nixpkgs.config.allowUnfree = true;
   programs = {
     gnupg = {
       agent = {
@@ -72,24 +70,6 @@
         pinentryPackage = pkgs.pinentry-tty;
       };
     };
-    nix-ld = {
-      enable = true;
-      libraries = with pkgs; [
-        glibc
-        zlib
-      ];
   };
-  };
-  services = {
-    pcscd.enable = true;
-    # xserver.displayManager.sessionCommands =
-    #   "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
-
-    udev.packages = [
-      pkgs.nitrokey-udev-rules
-    ];
-  };
-  users.groups.scard = { };
-
   time.timeZone = "America/Sao_Paulo";
 }

hosts/Nixcloud/hardware-configuration.nix

@@ -1,9 +1,11 @@
 { modulesPath, ... }:
 {
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  
+  nixpkgs.hostPlatform = "x86_64-linux";
+  
   boot.loader.grub.device = "/dev/sda";
   boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
   boot.initrd.kernelModules = [ "nvme" ];
   fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
-  
 }

hosts/Nixcloud/networking.nix

@@ -0,0 +1,54 @@
+{ lib, ... }:
+{
+  networking = {
+    nameservers = [
+      "45.143.83.10"
+      "1.1.1.1"
+      "8.8.4.4"
+    ];
+    defaultGateway = "72.61.129.254";
+    defaultGateway6 = {
+      address = "2a02:4780:66::1";
+      interface = "eth0";
+    };
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce false;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "72.61.129.56";
+            prefixLength = 24;
+          }
+        ];
+        ipv6.addresses = [
+          {
+            address = "2a02:4780:66:9ac0::1";
+            prefixLength = 48;
+          }
+          {
+            address = "fe80::9ce8:d4ff:feb5:50d7";
+            prefixLength = 64;
+          }
+        ];
+        ipv4.routes = [
+          {
+            address = "72.61.129.254";
+            prefixLength = 32;
+          }
+        ];
+        ipv6.routes = [
+          {
+            address = "2a02:4780:66::1";
+            prefixLength = 128;
+          }
+        ];
+      };
+
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="9e:e8:d4:b5:50:d7", NAME="eth0"
+
+  '';
+}

hosts/Nixcloud/nixos/configuration.nix

@@ -1,15 +0,0 @@
-{ ... }: {
-  imports = [
-    ./hardware-configuration.nix
-    ./networking.nix # generated at runtime by nixos-infect
-    
-  ];
-
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = true;
-  networking.hostName = "srv1065175";
-  networking.domain = "hstgr.cloud";
-  services.openssh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1 n3k0'' '''' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook'' ];
-  system.stateVersion = "23.11";
-}

hosts/Nixcloud/nixos/networking.nix

@@ -1,35 +0,0 @@
-{ lib, ... }: {
-  # This file was populated at runtime with the networking
-  # details gathered from the active system.
-  networking = {
-    nameservers = [ "45.143.83.10"
- "1.1.1.1"
- "8.8.4.4"
- ];
-    defaultGateway = "72.61.129.254";
-    defaultGateway6 = {
-      address = "2a02:4780:66::1";
-      interface = "eth0";
-    };
-    dhcpcd.enable = false;
-    usePredictableInterfaceNames = lib.mkForce false;
-    interfaces = {
-      eth0 = {
-        ipv4.addresses = [
-          { address="72.61.129.56"; prefixLength=24; }
-        ];
-        ipv6.addresses = [
-          { address="2a02:4780:66:9ac0::1"; prefixLength=48; }
-{ address="fe80::9ce8:d4ff:feb5:50d7"; prefixLength=64; }
-        ];
-        ipv4.routes = [ { address = "72.61.129.254"; prefixLength = 32; } ];
-        ipv6.routes = [ { address = "2a02:4780:66::1"; prefixLength = 128; } ];
-      };
-      
-    };
-  };
-  services.udev.extraRules = ''
-    ATTR{address}=="9e:e8:d4:b5:50:d7", NAME="eth0"
-    
-  '';
-}

hosts/common/users/nimbus/default.nix

@@ -1,44 +0,0 @@
-{ pkgs, config, ... }:
-let
-  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in
-{
-  users.users.nimbus = {
-
-    isNormalUser = true;
-    initialPassword = "changeme";
-    extraGroups = [
-      "fuse"
-      "networkmanager"
-      "scard"
-      "wheel"
-    ]
-    ++ ifTheyExist [
-      "docker"
-      "git"
-      "i2c"
-      "kvm"
-      "libvirt"
-      "libvirtd"
-      "photos"
-      "scanner"
-      "video"
-      "wireshark"
-    ];
-    openssh.authorizedKeys.keyFiles = [
-      (builtins.fetchurl {
-        url = "https://meta.sr.ht/~sposito.keys";
-        name = "sposito-srht-keys";
-        sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc";
-      })
-    ];
-
-    packages = with pkgs; [
-      git
-      podman
-      podman-compose
-      nginx
-    ];
-  };
-
-}

pubkeys/n3k0.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1 n3k0

pubkeys/n3k1.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCIjzAEFn4nlJhYBk5k8ASRPj4g0WRz7NiQSe3MsNLQ8i5Trp6EeyNYvQiQMXD/mJdMTDOH05QdwLSEVN9b2R/hCi/lXjj6I7oOnLPwb9hM6t/dCrMoHqVTYz3/nTM8UX0xzceEUnse7cMifRInpdE1zm6zROCkrlpnGNhR35+om+Ou5lPjuswm1+L9nbFGuOAuDPFwShQlgW+M1qA9W2jkalTnOhkQpz+iq7pXEwxwNgZNnzFrvBbmiRrBEwZNGJJhZJPMSxylcjoWjkWky4NDtkGV93ce7kce1QKeTFTITutZCXqused+axCOKY+O713Ae+r50Esi/+WN9UEk0F5B openpgp:0x37A2701D

pubkeys/nixbook.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook

pubkeys/nixstation.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjC5EuxC6un3StoRkn1X1Mv09Mx1icGfN5fnlWRfqFPtiwAusJA+q0p2MktujY/+kDOpzExtjbXP5CtW7zcUfeitO26BY0WH106P4ttsq/0zzq5pmPXxGn9crN7JqFp3f9LMlL0F+3Oa0mJ6HcS2UgQEUYS6ofJBV1CLeMfkv75F+iy7AG1V9EaT4pvwdmAJ+6XXSo+UtadWOZGlWVRETyDcxa2H/aS/e+JrQfeAHM9f9cyeZqO9OHFWmuzHDc2T014+OhzzWnLUC/nUc1KUELvha1cT1ViMbcF62cjQXxip/5GGsIkw+7PdJFTn3ITwRO1+06qs6WnO4ceh8wIyOblUgTfRvIXkB7nnanC3CupqLbT+s/HeRiwnI4aih7lDrB717dPTy/ZfNXqxy1K51bZzRTXzkY+oUF1eqG37KvGoFZ6Zjf8KMrtTWBhqdIWV/kY4ZBTtvtiU81iXEWbobcyTzsIzKtZhCrGt+KxFUYV90u+ts3jrFdHIsN/tIzuEKz2ZZ8f749u2Q9jgIwe1KLtTwmSDjAV5gkbnE7ZDMB82pTzlwdrZ/VkCIu3/EtoWq3Y+NrKL4OzWL74Tzgsn28jvsegrnz5Lp24zPpNmBzCgbkwPStFjvp16G6pUiTLAAn9YiBqYbbvDbGxun55QMwYORGsdk5hISaC/cPzaUKkQ== thiago@sposito.ch