hosts/sugarcane: init

flake.nix

@@ -86,6 +86,7 @@
       nixosConfigurations."fondue" = mkSystem nixpkgs "fondue" "x86_64-linux" false;
 
       nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false;
+      nixosConfigurations."sugarcane" = mkSystem nixpkgs-porcupine "sugarcane" "x86_64-linux" false;
 
       packages."x86_64-linux" =
         let

hosts/sugarcane/default.nix

@@ -0,0 +1,26 @@
+{ config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
+  networking.hostName = "sugarcane";
+  system.stateVersion = "21.11";
+  time.timeZone = "Asia/Singapore";
+
+  age.secrets = {
+    passwd.file = ../../secrets/passwd.age;
+  };
+  imports = with modules.system; [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    inputs.home-manager-porcupine.nixosModule
+
+    base
+    home-manager
+    input
+    nix
+    security
+
+    ./filesystem.nix
+    ./kernel.nix
+    ./networking.nix
+    ./packages.nix
+
+    ../../users/hana
+  ];
+}

hosts/sugarcane/filesystem.nix

@@ -0,0 +1,37 @@
+{ config, ... }:
+let
+  bind = src: {
+    depends = [ "/nix" ];
+    device = src;
+    fsType = "none";
+    neededForBoot = true;
+    options = [ "bind" ];
+  };
+in {
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=2G" "mode=755" ];
+    };
+
+    "/mnt" = {
+      device = "/dev/disk/by-uuid/19d572a8-1cf6-4b9c-94c6-3ce6be54f719";
+      fsType = "ext4";
+      options = [ "defaults" "noatime" ];
+      neededForBoot = true;
+    };
+
+    "/nix" = {
+      depends = [ "/mnt" ];
+      device = "/mnt/nix";
+      fsType = "none";
+      neededForBoot = true;
+      options = [ "bind" ];
+    };
+
+    "/var/persist" = bind "/nix/persist";
+    "/var/log/journal" = bind "/nix/persist/journal";
+    "/boot" = bind "/nix/persist/boot";
+  };
+}

hosts/sugarcane/kernel.nix

@@ -0,0 +1,17 @@
+{ config, inputs, pkgs, ... }: {
+  boot = {
+    loader = {
+      systemd-boot.enable = false;
+      efi.canTouchEfiVariables = true;
+      grub = {
+        enable = true;
+        device = "/dev/sda";
+      };
+    };
+    initrd.kernelModules = [ "nvme" ];
+    kernel.sysctl = {
+      "kernel.core_pattern" = "|/bin/false";
+      "kernel.sysrq" = 1;
+    };
+  };
+}

hosts/sugarcane/networking.nix

@@ -0,0 +1,6 @@
+{ config, ... }: {
+  networking = {
+    useDHCP = false;
+    interfaces.ens3.useDHCP = true;
+  };
+}

hosts/sugarcane/packages.nix

@@ -0,0 +1,15 @@
+{ lib, pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    git
+    htop
+    jq
+    neovim
+    rsync
+    sshfs
+    wget
+
+    kitty.terminfo
+  ];
+  environment.variables.EDITOR = "nvim";
+  nix.package = lib.mkForce pkgs.nix_2_4;
+}

secrets.nix

@@ -3,12 +3,13 @@ let
   blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
   caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80";
   fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkKZYsYWnI+MgecBjOwf7aL5jtiT0ymCDme3pzucTei";
+  sugarcane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImymDDLSOdLcsox8wxS9Z84fsbsz6Mi58OU0od2p/ZQ";
 
   rin-apricot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxzygMMJ/hmPRUeQu/eMmEhAKfFSFIEVstDIerPzxgZ";
   rin-blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
   rin-fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbPamP5bovUsrBNYnjOk4SN2TaQZAVlJ+4JldK2cL5M";
 in {
-  "secrets/passwd.age".publicKeys = [ apricot caramel fondue blossom rin-apricot rin-fondue rin-blossom ];
+  "secrets/passwd.age".publicKeys = [ apricot caramel fondue sugarcane blossom rin-apricot rin-fondue rin-blossom ];
   "secrets/wpa_conf.age".publicKeys = [ apricot caramel blossom rin-apricot rin-blossom ];
 
   "secrets/wg_apricot.age".publicKeys = [ apricot rin-apricot rin-blossom ];

secrets/wg_apricot.age

@@ -1,12 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 U9FXlg H7n5IC6XGcAY9tC8lRFEolb9KD/goej4Dlug5AxkBDU
-3asR+ee3SZ3NOmLOcv2FNHVfX/YmxU9V/wYiyl8dmXM
--> ssh-ed25519 pumkzw kpBvxdtF3dSm67XAu/hEKYylCP131PueSJCQaSLV+ls
-MoftJyimviq9t74Jb8WnZj9vimzeXzLXSmf2LPG8qaE
--> ssh-ed25519 l9dSQg 3pbs05PKX0IEDJa4hcLi6JOVxRwfNYn2ZIM+KtbJ2ww
-ab2FQXyW0iEgR2CNNimEye3yeclhaQEJ6bK+1Nxhtzk
--> T-grease
-B9RPVaCLtAcnepxeFChMUqEgXQ
---- eB7HKAkFMS1Za08uhuDbHIDThRwLicbadCILSEDebY0
-
°‰%aaÀ<61>w°\ê<>†
-ª‚7”59ödÈ…GŸš~zT2µ¢úz¤<¾#1Þªš	áVgU¨}…ѦÖÞjŠIêRÓêø³À¶Žw
+-> ssh-ed25519 U9FXlg aNYTL/nwaVZhtBHlTR9DkfJC5zFIzjNM9k2Zysfn9xg
+L6Bpo+HXojQQvBuqbgrm9CbZ33vphpR7Wtt90DbN04k
+-> ssh-ed25519 pumkzw aUd2plw9XAGJIWwxbQqxrtaqj51sa1Z2f1tX1N5Gg2s
+JGlz/PEGpRJactz2IgT0zjUBwYw2Qs0120zMy7pmKSM
+-> ssh-ed25519 l9dSQg bZBVF5DyRdgg6ewsab2Vw0xvHRV9prNOOmyTEWshJHg
+74djfgSBZlyja7gi/Ia2+rCh8+fd01I68QV8/zVvLCE
+-> B-grease ,c&T' J-N rrREz8
+Ky9u8nrc7wTcIBqczcsKUbIG8OSZ6T0P2NWCIOQqI0CweBSGn7HKi5bTkU7rRGsi
+/8OHTW9//3wT1GZpqJ8spil2JW82V+LrVZnRc1lBufADBQ
+--- +AhMEjhdNZb/nP3eSwbsFcQL96EnYcfV8xlW+UTc1fs
+ÈÊßi<EFBFBD>gƒu]6”–g¦F7Ð/­A/ô†‡Ì,¦
Ñrº45<34>0.5ƒ’Éû»yH¯ìÎT$¡®8åÀ~æƒ@áÞ2ßÛ#Yþº'Þ%¡

secrets/wg_blossom.age

@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 U9FXlg aEmRkLTbk+LlxGIheQpHuW1DOP+dL9fJEKeqMorIeVs
-T0f+AZVjcx9pEmqNESmFug61WHs6qqMjV4exKxHl+Ag
--> ssh-ed25519 CUCjXQ 4u8pj84nEA2CuUCYg1ISjllbt99uPhD34TbsRj1KdhY
-hu23nGobEw3cBoyJxkcdKUkaY/37D8sD5htyYnCZG0I
--> L.~Rob(-grease ?5j+u9
-eg1GiLMCsxHS78B/KIUUtA/XHr8BCo1dNh23Y3BZ0Sm6dIsNOWwuZy4sldAK3OgB
-G+bJC4ZTujaqLGZOkX71q989+VVellR8nj9kAuk3weTqVJ6/kIUHMks0Fw
---- xGTF6ckdRW+rkqfBE/iRFd8A+QBvSm/0sYP0HVN6C+0
-®$WqîPOKř^µŮŔŮůfeŘĺ^ç<>b˘÷Ä™$Žŕ@٤˛ŮŃfšl†Łž˝˘păČë±Ń\‹S(Z§É4ÍŕIhŐ8™|PGn®îč
+-> ssh-ed25519 U9FXlg O8omuS7auqSwFeVEEHSxRvjaUDm93AM/j5+cQ5FFVgo
+p1I+UeyLvdYZQ5gsNOihMOU6WIFT66HnLa1YKnvGxAA
+-> ssh-ed25519 CUCjXQ CXt9AlwvqCFahVaoU0puuRG2krzxW3AReSn1N87iYko
+SiKoTLp4wFK3AAWlNpQ9iYVhmaI4idmR0CPKTo0ifk4
+-> gy-grease obh[ be}>:8F &> [T%
+hri2u1qHn9rr+m6BrJ8NSVX7IZ0fPbP/RVe8iwtMQY81uypAkL/NWhOIB2vPup26
+cCRNl0GR1XAzUJh8u6ShLr6JHtDc
+--- GcSghQ9kwCBi3HS0PniOSUGzk3asMlZGRPKfZvxVIig
+鄈8媓"H擸ヾ/
檜2Kfv"?t寽祱LkQ
Q挣菧枚璟<E69E9A>1B會R逾"綛g:hbt蹠<74>L崐溛/囂
唶<>