hosts/europa: init

2024-07-18 15:10:36 +02:00 · 2024-07-18 15:10:36 +02:00 · 221e425235
parent 881aaedd4a
commit 221e425235
9 changed files with 211 additions and 35 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,6 +3,7 @@ keys:
  - &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
  - &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
  - &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
+  - &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
  - &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau

 creation_rules:
@ -14,6 +15,7 @@ creation_rules:
        - *host_tsuki
        - *host_kasei
        - *host_dosei
+        - *host_europa
        - *home

  - path_regex: secrets/home.yaml
@ -43,3 +45,10 @@ creation_rules:
        - *gpg_h7x4
        age:
        - *host_dosei
+
+  - path_regex: secrets/europa.yaml
+    key_groups:
+      - pgp:
+        - *gpg_h7x4
+        age:
+        - *host_europa
--- a/README.md
+++ b/README.md
@ -23,6 +23,7 @@ Here are some of the interesting files and dirs:
 | `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
 | `Kasei` | AMD Zen 2 CPU / Nvidia GPU - desktop computer | Semi-daily driver. This is my main computer at home. |
 | `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
+| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |

 ## home-manager configuration

--- a/flake.nix
+++ b/flake.nix
@ -213,6 +213,7 @@
    in {
      dosei = nixSys "dosei" { };
      kasei = nixSys "kasei" { };
+      europa = nixSys "europa" { };
      tsuki = nixSys "tsuki" {
        modules = [
          matrix-synapse-next.nixosModules.default
--- a/hosts/europa/configuration.nix
+++ b/hosts/europa/configuration.nix
@ -0,0 +1,95 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ./services/avahi.nix
+    ./services/docker.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.binfmt.emulatedSystems = [
+    "aarch64-linux"
+    "armv7l-linux"
+  ];
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  services.udev.packages = with pkgs; [
+    segger-jlink
+  ];
+
+  system.stateVersion = "24.05";
+
+  machineVars = {
+    headless = true;
+    gaming = false;
+    development = true;
+    creative = false;
+
+    dataDrives = let
+      main = "/data";
+    in {
+      drives = { inherit main; };
+      default = main;
+    };
+  };
+
+  systemd.targets = {
+    sleep.enable = false;
+    suspend.enable = false;
+    hibernate.enable = false;
+    hybrid-sleep.enable = false;
+  };
+
+  # security.pam.services.login.unixAuth = true;
+
+  # systemd.network = {
+  #   enable = true;
+  #   # broken
+  #   wait-online.enable = true;
+  # };
+
+  networking = {
+    hostName = "europa";
+    networkmanager.enable = true;
+    # TODO: reenable
+    firewall.enable = false;
+    # hostId = "007f0201";
+  };
+
+  services = {
+    openssh = {
+      enable = true;
+      settings.X11Forwarding = true;
+      settings.PasswordAuthentication = lib.mkForce true;
+    };
+    # xserver = {
+    #   # displayManager.gdm.enable = true;
+    #   # desktopManager.gnome.enable = true;
+    #   # videoDrivers = [ "nvidia" ];
+    # };
+    # tailscale.enable = true;
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+    # cpu.amd.updateMicrocode = true;
+    enableRedistributableFirmware = true;
+    keyboard.zsa.enable = true;
+    opengl = {
+      enable = true;
+      driSupport = true;
+      driSupport32Bit = true;
+    };
+
+    # nvidia = {
+    #   modesetting.enable = true;
+    #   nvidiaSettings = true;
+    # };
+  };
+
+  programs.usbtop.enable = true;
+}
--- a/hosts/europa/hardware-configuration.nix
+++ b/hosts/europa/hardware-configuration.nix
@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/2de4150d-e418-4f22-a516-3f35352eb66a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/8c8bc640-83f4-4eee-909b-457989cebfe4"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/europa/home/default.nix
+++ b/hosts/europa/home/default.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  home.stateVersion = "24.05";
+}
--- a/hosts/europa/services/avahi.nix
+++ b/hosts/europa/services/avahi.nix
@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+{
+  services.avahi = {
+    enable = true;
+    publish.enable = true;
+    publish.addresses = true;
+    publish.domain = true;
+    publish.hinfo = true;
+    publish.userServices = true;
+    publish.workstation = true;
+    extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
+  };
+}
--- a/hosts/europa/services/docker.nix
+++ b/hosts/europa/services/docker.nix
@ -0,0 +1,4 @@
+{ config, pkgs, lib, ... }:
+{
+  virtualisation.docker.enable = true;
+}
--- a/secrets/common.yaml
+++ b/secrets/common.yaml
@ -23,60 +23,69 @@ sops:
        - recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweE1kMlFnZVZxZ0dhblVn
-            SjBrU3lUSlFtL2lCWm1VRUtocTdCWVg2aUJFCmc5dEJNdlpGSnFJSjhCNEZmQVc2
-            VVplaldBUlV6TSt1V0lJdTNGWEJpL0kKLS0tIGVhVng4c28wVTdpVXdrdll6N3dj
-            S0N3UldMUWl3VTBBajZkbTFQSzJVNzQKkjgkwjVL3tTJGL4raaRRAflyen6lrCjf
-            qIDU6yVaRPoeg4PMQyjT8B7Lvw/MAAir+v4dO+Wq+026YwEqasWmRg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjRzYzVQelFCejYvbUdu
+            RDJSemN0VjJMNXh3ayttNTFiN3JSOGpEbzA0CkVtNmw5cTZTNnM2NlBnS2VuWTRN
+            S3VIKzA1VGE4aUxEWWdYNnBIbGMzMDAKLS0tIE9CaVdJQ1RGZVh4VktXWTZNRnBO
+            Qjc3cVNiVEkzK3g0dFptZWx4VUsvTFEK5f9MFIMBCKZzTz8N9ojOKI9VJ9R+m3Ln
+            wVIRMHSWSRoMrIFVhOq24qFPvKJ2y8c9j42N/AYETYZ1MaQkTVeAvQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RStsMFU2VkJzelpSMnZr
-            VEd0ZTYvMG9rbGtTellidnhBU3ZqSXJyOGl3ClJEOXdlVXBIZStIZkF1aHVqM1Jr
-            RVI1WXhCWVo4ODZRR3dXdDBSWE4xckUKLS0tIGtjNXJmYSszTVRQcDlmWnlwZ0pL
-            MXlQczBBZVpYdzhoRmowZHdiUWN0WWsKTf3WPqKO68UkgJiaN2WpiKqzRhlrfZB2
-            XX1g3GzOXBubWsbJXM7ibxSWhZj2XRIZF3i4kkLpaIF/wB+df0iagQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZSsvZjU0Q2U0R2ZqZ0NO
+            NW1YVUFieDYvZ3k0dW9vd0NhT3NiQXdFNWxRClRXMWpTdHZ6d2c3alpVcXU0SXpZ
+            ZE9NZnY0dFRJcEkxa2NuZ0tUNHVqNTQKLS0tIC81SVdsQ25ZQ0hxQkZlM0VkVGJX
+            S0kyZzYxNDdHVy92NFVVVnpYT29MVXMKfGgQZvp8nZBjs7ToWsODwia0tT40h99X
+            ZOQitYNJKPQ6CAtruWUrRi00OuvChEg+oJJ+U0gfwcWJKBkUKuT2Qw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RVIzVFlVVDdqU2tFZ3lD
-            T2NtdjBabmU1cVc3QlRkWnU5ZldodmlHZkJRCjZIcFllSGVoSEVtUkFFVXI1eXd6
-            cjhRbVhLM25HQjlobnNOK0ZiNGE3R1EKLS0tIGdES2I4Y3ZCWWtOVkNyZDZ3V0d3
-            V3NFU3ZuUjFxeHNyUGZXdW9aUElKM1UKutap6vQBYUAuDrnFKBa1J6PcjeTV03a1
-            G6+jlJsBhMlUkiavWiqZ4JuGtSF3tCPZwf+NzuOZfGfjD3YOVHqY/w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERjM5bEpySWMzUFdidkk4
+            cDJUVGUralN4RjZoN0E1QTh2eGVHazZiQmxjClB1QnB2ZmVvbVo3SnZLNnlPejV1
+            eGZjUDhDVVRNUVlXdVJDWSsxQlR4S00KLS0tIGtDU1R4UnRwcEJJcmtYei9nWHFH
+            M0VPbTdsTU4xRll1ZG1LcndTZmx3NHcKwA6fUauOTUHadUaion9dfjQPvUxwUIdt
+            ZaHSpuj8usrKd901BvDRxVGv23FAxBb9Ylr2Az+MhHYaVGU/kbQ9mA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZGk1TVVFZ3NxV0NqUEtD
+            bUNaWFpic0JBQTY3YXRRNmM2SmVzRVdlS1YwCmx1R2tCSndFU2VnU2VFNC9TNEVt
+            R3diVE5LK2Q0Y2FrZUpUUDQyQldNYUkKLS0tIEE2SWU1NmlkcE8xMHJhaHNhRHhT
+            enl1ZlNhNjZIU2o5ejh6TjJUWVJQLzAKhhm88Am5Dfng4SRmEGEbsYne/9SrtNxW
+            5ntmc8AEMN3v1g8hEIOvllms5gqiZP1LUrTAvYddI0+ykwPuTY06Jw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJelFCVGo4L0QrUnNqdWRm
-            cTR4TnJNdGx5SE82cEYzMk9ybmVzeUQ1MHlJCmFEbXZCVFBQUmVFMXFlVnQ1OFdI
-            R0RDNU5XYVNUbmRZSUJUU1VQQk1SdlEKLS0tIG02Q0dIdlJiRWt2cFJTN1VSbTVW
-            MGo3NEZyVlVWUDlVdGZyT2dVV3lxeUEKZGLbJ/PAmHdzfUfDvAQD/Nq179ooElth
-            mfF8FLeFoydSYAxXCDAw/JgjUPXckyjPXEjo3dnSBVec1Q6qHhPBpQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBka0tVODhFWHo4Q3RSZG5h
+            K0dwMEg1SVVtTUljamxCNEMxdGg5a1IvRVhnCmpnNEdEc3BPcVRVS1VzOUFNZFBU
+            bEtqNlgzWGM0Um5RMHNKUWdRZS95TFkKLS0tIFNKZ2dDS1Nnb2JKeW92djhUOWRG
+            cm15UjQ4S0xoclpLV0pYcmJzM1g2eDAKAjJUhGgicEG3dj8BdMjPvr9MC/c+oIGx
+            kPxtKQ5REb5UolEuBBsWapKhKeXLFtTsV/qGOokO34HT1PqZI37Ikw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-07-08T12:29:09Z"
    mac: ENC[AES256_GCM,data:z7J2kMlnqp6RJJj//O8j8W6O7HJkTGAbW0LW4Z6F4m0Fj18bylMQJ7kbNmf7mK5PHnItdHFnWJ/kY1vaXN7gD1SJccZ+jJcWI+nR3i5nr5GpQKoVlB1zYvBir5+CY6C7jJHpJim8WhfXG/hagSZrJ8Hz3hQon8j377g4XSTaHm0=,iv:2kg8iBuv3FWbWs3E5l5XTXzZ8i3tGCAK/PhJI4zWnNI=,tag:a/gNiM7zDqdf/arYNGeAIQ==,type:str]
    pgp:
-        - created_at: "2024-07-08T12:38:34Z"
+        - created_at: "2024-07-17T14:18:35Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

-            hQIMA0av/duuklWYARAAvyl5qLP6x5yEGccj6rvoDwvY4G28bFKu5J+xS9UnKp5O
-            /ANlKgglGGJ3Sym2Mya4g9Lr49GmZDXSSWcWyktTbn8m1zL4bNdwVyRLLzCthYuG
-            piZeFgzzlAve2rUT38QvTjeLqPgmAtoUGgkLzjl7kWJ3a28Fdx4BaGqKdFgd3u/J
-            ZjTudSRj6xOUv/9qyh/bs6eT4vJYZxMf31n3Y+v5njnWPWTxYb2EgtBdH/KM/uuB
-            gcFQRtBWHKhaNNDQpHZ8nKivFhyyzmkW98FkGX53+RjdkxtS1PznbpkQDR/HDfBJ
-            R+a09EAc0ac/0A++KGLR2UQ5szpGsiYrTrcGFrd8diCBOUMeszRxPgTWQK0PdRli
-            UP12HHHwESmzeZCji/gjsa31c+4fCdyEoHm924/Z+OhVoC2R+oGU+sVDBpLrPSKa
-            Y9EPRmjF63oUm9QIELomke61ylswET372RQyBOOHw2dsPq8AK02wmMKkyHnMN/wG
-            Dhjv+rti97h42xe5X6q/UC2yis5YWB17Zhf51zo1XujB40TFAwQfhfh3F1s1+dKj
-            aVoyvEp5Fk7ryY4YN/D7Eq1qJfwE73ycwoLcZvkeNzIf3839vQJ5ferWkATeQ3qm
-            f8mb/uhQzxMYJsUcBz9UzMVzX5t7WNo3zAWddnHg1/WypbPi2ettn4C9lXYLV27S
-            XAHSfXSeC2ylzWVQeWESFd2U+/8kkYNsv0g5f97ktF7e4PV+F/4Xz2Mc30iAJ4AE
-            3jbC0rVpmBmQeo4OkiyuPT5LEwdEzNQXXBTqdUTuF+LEK6ORUyAY72jRWRkX
-            =n0Ia
+            hQIMA0av/duuklWYAQ//bUJNyi/KLucLpVhBV8ehdWQcJ2U4M6JEQRaJH9QOmkXw
+            TG/KH0AumC5jl8u6yCoK98nslsETRSWufpSGfgsotqs9gxMXb8KT28bKR2ZwJ+oJ
+            KCiFn7YMma04bWjdezrNgOlIy8slGkNzeeJkqbPqcz77hRZUgzMxigXH6FphKmqN
+            kZgBQTXavnDYvMUplUvm13fuHu93jONxwSD9lqkaDTPL5l0OLJoDxvVlslDVu4Wm
+            9bK0a170veBEfpKCcz6RnGvXIbKhASm8WBnWLkD+TrISkAywTMX7/YdRboPRZMGk
+            EGdibq+8Vh117ohgIVrWYGuW/1HrdJj6EO7Wc2F59xmELN+Zc64dIvIVLXLNj5ir
+            jJ5UjQhJ99IYC3b9iLXumMIYCFVwoozyJCAzEx70JhCj0tUSuG+q7JEu3xfJSUsi
+            rAukG6isHJ2ENULbX7fKdWLGzi7bHbv7ObPqc7iKSlQxsKuVY0uKZ90LsPfA2mln
+            9eYzeSeec/0XpDG/0ipmdjsZUu0ZGSwehBHX7BGJG0CS6cj9hgiTliUWZ1kCm7js
+            wFDWDbkVT7ypNcnkqZ1HfHPxlXNvoMTDRQT9AJTLATCaf8QHZ/D5GQ8nqcGig5wb
+            I3roxkITIV4R8Y6eGFU+VJEImEcGTelSNuXV5/POddBkegBrzUmt9aqtgDHSa1jS
+            XgFJQeZzZq8mDnzhupP06stS+oDeZdC82IhmPnGg/PVrq8cgFqobDWBsNY+yK4tV
+            3ozDdn28623shx0i0+uangfl7L5BYK9oi1NJD5qsCgzFXCvs/HKcbiJXFKkqDcE=
+            =smFv
            -----END PGP MESSAGE-----
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted