intermediate commit

flake.nix

@@ -55,7 +55,7 @@
 
     nixosConfigurations = let
       unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
-      nixosConfig = nixpkgs: name: config: lib.nixosSystem (lib.recursiveUpdate
+      nixosConfig = nixpkgs: name: configurationPath: config: lib.nixosSystem (lib.recursiveUpdate
         rec {
           system = "x86_64-linux";
           specialArgs = {
@@ -65,7 +65,7 @@
           };
 
           modules = [
-            ./hosts/${name}/configuration.nix
+            configurationPath
             sops-nix.nixosModules.sops
           ] ++ config.modules or [];
 
@@ -84,8 +84,8 @@
         (removeAttrs config [ "modules" "overlays" ])
       );
 
-      stableNixosConfig = nixosConfig nixpkgs;
+      stableNixosConfig = name: config:
-      unstableNixosConfig = nixosConfig nixpkgs-unstable;
+          nixosConfig nixpkgs name ./hosts/${name}/configuration.nix config;
     in {
       bicep = stableNixosConfig "bicep" {
         modules = [
@@ -163,7 +163,16 @@
           inputs.gergle.overlays.default
         ];
       };
-    };
+    } //
+    (let
+      machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
+      stableLupineNixosConfig = name: config:
+          nixosConfig nixpkgs name ./hosts/lupine/configuration.nix config;
+    in lib.genAttrs machineNames (name: stableLupineNixosConfig name {
+      modules = [
+        { networking.hostname = name; }
+      ];
+    }));
 
     nixosModules = {
       snakeoil-certs = ./modules/snakeoil-certs.nix;

hosts/lupine/configuration.nix

@@ -0,0 +1,33 @@
+{ config, fp, pkgs, values, ... }:
+{
+  imports = [
+    ./hardware/${config.networking.hostname}.nix
+
+    (fp /base)
+    (fp /misc/metrics-exporters.nix)
+  ];
+
+  sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
+    matchConfig.Name = "enp6s0f0";
+    address = with values.hosts.lupine; [ (ipv4 + "/25") (ipv6 + "/64") ]
+      ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
+  };
+  systemd.network.wait-online = {
+    anyInterface = true;
+  };
+
+  # There are no smart devices
+  services.smartd.enable = false;
+
+  # Do not change, even during upgrades.
+  # See https://search.nixos.org/options?show=system.stateVersion
+  system.stateVersion = "24.11";
+}

hosts/lupine/hardware/lupine_1.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/81D6-38D3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lupine/hardware/lupine_2.nix

@@ -0,0 +1,41 @@
+# IKKE EKTE BARE EN TEST
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/81D6-38D3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lupine/services/gitea-runners.nix

@@ -0,0 +1,4 @@
+{ config, lib, values, ... }:
+{
+  nameList = builtins.attrNames (builtins.readDir ../hardware);
+}