Compare commits


3 Commits

Author SHA1 Message Date
97c47ca04a add colmena 2025-10-30 16:49:01 +08:00
0c8eeec43c cleanup nut-gc2 2025-10-30 15:46:58 +08:00
2dd8d861d9 add inventory and move keys 2025-10-30 15:46:32 +08:00
8 changed files with 85 additions and 55 deletions


@@ -25,20 +25,41 @@
outputs = outputs =
inputs: inputs:
inputs.snowfall-lib.mkFlake { let
inherit inputs; flake = inputs.snowfall-lib.mkFlake {
src = ./.; inherit inputs;
snowfall = { src = ./.;
namespace = "snowfall"; snowfall = {
namespace = "snowfall";
};
systems.modules.nixos = with inputs; [
agenix.nixosModules.default
];
homes.modules = with inputs; [
agenix.homeManagerModules.default
];
channels-config = {
allowUnfree = true;
};
}; };
systems.modules.nixos = with inputs; [ inv = import ./inventory.nix;
agenix.nixosModules.default mkNode = name: node: {
]; imports = [ (./systems/x86_64-linux + "/${name}") ];
homes.modules = with inputs; [ deployment.targetHost = node.zerotierIp;
agenix.homeManagerModules.default
];
channels-config = {
allowUnfree = true;
}; };
}; colmenaNodes = builtins.mapAttrs mkNode inv.nodes;
colmenaHive = inputs.colmena.lib.makeHive (
{
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
specialArgs = { inherit inputs; };
};
}
// colmenaNodes
);
in
flake // { colmenaHive = colmenaHive; };
} }
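Review bot: `mkNode` sets only `deployment.targetHost = node.zerotierIp`, so the SSH session colmena opens still trusts whatever `known_hosts` the deploying machine happens to hold, even though `inventory.nix` already records each node's `sshHostKey`. Consider generating a known_hosts file from `inv.nodes` (one `<zerotierIp> <sshHostKey>` line per node) and passing it via `deployment.sshOptions`, so a deploy fails closed when a different host answers on that address. `deployment.targetUser` is left at its default, which in colmena is root as far as I know; setting it explicitly would document the login path the hive depends on. Minor style point: `flake // { colmenaHive = colmenaHive; }` can be written `flake // { inherit colmenaHive; }`.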


@@ -22,6 +22,7 @@
pkgs.claude-code pkgs.claude-code
pkgs.codex pkgs.codex
pkgs.amp-cli pkgs.amp-cli
inputs.colmena.packages.aarch64-darwin.colmena
]; ];
home.sessionVariables = { home.sessionVariables = {
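Review bot: The added package hard-codes the platform in `inputs.colmena.packages.aarch64-darwin.colmena`, so this home module evaluates to a Darwin build even if it is later reused for a Linux home. Prefer `inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena`, which follows the host the module is evaluated for. The package list starts above the hunk, so I cannot see whether `inputs` is already passed to this module for other entries.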

21
inventory.nix Normal file

@@ -0,0 +1,21 @@
{
nodes = {
nut-gc2 = {
hostname = "nut-gc2";
zerotierIp = "10.222.0.87";
sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
};
penguin = {
hostname = "penguin";
zerotierIp = "10.222.0.249";
sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
};
};
# User SSH public keys (named) for authorization and agenix recipients.
userKeys = {
yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
};
}
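Review bot: The `nodes` set has no comment, while its `sshHostKey` values now feed secret encryption in the secrets file further down this page. A short comment would help the next editor, for example `# sshHostKey: host public key; used as an agenix recipient, so replacing it means re-encrypting the secrets.` The `hostname` attribute repeats the attribute name and is not read by any code visible on this page (`mkNode` uses the attribute name), so it can drift; either drop it or derive it from the name unless another file consumes it.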


@@ -7,9 +7,8 @@
mkUser = mkUser =
attrs: attrs:
let let
sshKeys = [ inv = import ../inventory.nix;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG" sshKeys = builtins.attrValues inv.userKeys;
];
in in
{ {
openssh.authorizedKeys.keys = sshKeys; openssh.authorizedKeys.keys = sshKeys;
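Review bot: `sshKeys = builtins.attrValues inv.userKeys;` widens login access: the old list held one key, and every user built by `mkUser` now also accepts `penguin-yadunut`, plus any key later added to `userKeys` for use as an agenix recipient. If that is not intended, keep authorization explicit with `sshKeys = [ inv.userKeys.yadunut ];`, or split the inventory into separate login and recipient sets. If it is intended, say so in the `userKeys` comment in `inventory.nix` so that adding a recipient is understood to grant SSH login as well. `mkUser` continues below the hunk, so other uses of `sshKeys` are not visible here.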

Binary file not shown.


@@ -1,12 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Gc/MTQ 1VXVmIQH+4s2AkBbf8BdOp65oDDlxfMYYE184LUggFo -> ssh-ed25519 mOIk4w b5tjwFCxGwOsQSRQTuyW45PM4UUIePIYfZ1TxtN/uXY
xpUXhXkFiUa3FcWBazPt7l0bPYrurOsn2+MZVxHp0XE 9JBcEmgtq7IbvQ4aSNntlWq756MCOhyPeyYxdSpZXac
-> ssh-ed25519 mOIk4w jdEZYWfNwjmsVhKWo/ucReyRLVgeRICAGP5n6mvJOQg -> ssh-ed25519 Gc/MTQ ilPM4uAYGwFNJRUPdyU4TEQFI6wSR6e53X5Vl8sFqXk
YuyZTijB3BNxTPKebLmEsfJkRh7/8JETG5eOqgU+fOY ejbXYpUcfyZ0ALMEdmXCl0ELdI3wyH+4gje0ljSLzO4
-> ssh-ed25519 l9wOAw /OGUnqDH738Yk51Snn7VC1JPBTMU497vBSaKD0qWbAs -> ssh-ed25519 cPJ/Ew IXILaJ9gLqpuNme7Q9TKmfh0z4OsZWWd2exrnC7pX1U
+sgfXtvA9g3X5YPr5YcoWo7Ljkxrs3O++aNA6GphU/4 VTkE9sX8UVvaQwsuOFzimdn4yjYNSDZ4xofzCWPfe1I
-> ssh-ed25519 cPJ/Ew otg3F8Xt7vYkvjFv3/4OtSG8Q/8/z2IOF9h9q6wiuSc -> ssh-ed25519 l9wOAw DuSvKg4h9Ht8YY4WKfyJuS72MAmXOIxUmDvzCOyMoXU
EI4BL10EGys4Vd1+DiU1u69CB8feEqNw9saqqclvgG4 WobjJwvGz0GxVoyn12kKC4FTIRkQiTH9NOK7pmuWLvE
--- rqGI3Z4Pd3PDtH7RHfx5FRDu4AZudXZ1Cfv8Cvz/IAw --- 2sPIIJsPAciSrEjOO/ZKxdIByFiFvoVZ3gSs3TvRFQ4
<EFBFBD><EFBFBD><1A><><EFBFBD><EFBFBD>}Av<41>!<21>@<40>h*<2A><><EFBFBD>8H?<3F>h<19><><EFBFBD> <EFBFBD><EFBFBD>̊<EFBFBD>+?]<5D><>P<EFBFBD><50>Z@E`<60><><EFBFBD><EFBFBD><14>h<EFBFBD><68>6<EFBFBD><36>֧_jXx<58>_X<5F>}^{%<25>f |<7C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>h<EFBFBD><68>p<EFBFBD><70><EFBFBD><EFBFBD><7F>-D<1C><><EFBFBD><EFBFBD><@$<24>w<EFBFBD> x<>1<02><><EFBFBD><EFBFBD><EFBFBD>x<EFBFBD>}N<>مgj<67><6A>J<EFBFBD><4A><EFBFBD><19><><EFBFBD><EFBFBD><EFBFBD>;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2O
mr8<EFBFBD><EFBFBD>7M4>8<><38><EFBFBD>B<EFBFBD><42>6<EFBFBD><36>w


@@ -1,19 +1,9 @@
let let
mbp-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut"; inv = import ../inventory.nix;
penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin"; users = builtins.attrValues inv.userKeys;
users = [ systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);
mbp-yadunut
penguin-yadunut
];
penguin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
gc2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
systems = [
penguin-host
gc2-host
];
in in
{ {
"k3s.age".publicKeys = users ++ systems; "k3s.age".publicKeys = users ++ systems;
"btrbk-keyfile.age".publicKeys = systems ++ [ mbp-yadunut ]; "btrbk-keyfile.age".publicKeys = systems ++ [ inv.userKeys.yadunut ];
} }
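Review bot: `systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);` makes every inventory node a recipient of both `k3s.age` and `btrbk-keyfile.age`, so adding a host for colmena deployment silently lets it decrypt all secrets on the next rekey. The old explicit `penguin-host` / `gc2-host` list at least forced a decision per host. Consider listing recipients per secret, for example `"btrbk-keyfile.age".publicKeys = [ inv.nodes.<host>.sshHostKey inv.userKeys.yadunut ];`, with `<host>` being whichever node actually runs btrbk; that is not visible on this page.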


@@ -42,10 +42,6 @@ in
time.timeZone = "Asia/Singapore"; time.timeZone = "Asia/Singapore";
services.udev.extraRules = ''
ATTR{address}=="00:72:f1:f7:47:db", NAME="ens3"
'';
networking = { networking = {
nameservers = [ nameservers = [
"1.1.1.1" "1.1.1.1"
@@ -104,23 +100,26 @@ in
]; ];
}; };
}; };
services.openssh = { services = {
enable = true; openssh = {
settings.PasswordAuthentication = false; enable = true;
settings.PasswordAuthentication = false;
};
zerotierone = {
enable = true;
joinNetworks = [ "23992b9a659115b6" ];
};
udev.extraRules = ''
ATTR{address}=="00:72:f1:f7:47:db", NAME="ens3"
'';
}; };
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
neovim neovim
btop btop
]; ];
services.zerotierone = {
enable = true;
joinNetworks = [ "23992b9a659115b6" ];
};
system.stateVersion = "25.11"; system.stateVersion = "25.11";
}; };
} }
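Review bot: In the second hunk, `openssh.enable = true` keeps SSH reachable on every interface, while management now goes over ZeroTier (`deployment.targetHost` is the ZeroTier address) and `services.tailscale.enable` appears to be dropped. No firewall setting is visible in either hunk, so confirm whether port 22 should still be exposed on `ens3`. If not, `openssh.openFirewall = false;` plus `networking.firewall.interfaces."<zerotier-interface>".allowedTCPPorts = [ 22 ];` restricts it to the overlay, at the cost of losing SSH access whenever ZeroTier is down. A one-line comment next to `joinNetworks` saying whether that network is private (members approved by the controller) would also help, since the overlay is now the trust boundary for deployment.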