Compare commits


3 Commits

Author SHA1 Message Date
97c47ca04a add colmena 2025-10-30 16:49:01 +08:00
0c8eeec43c cleanup nut-gc2 2025-10-30 15:46:58 +08:00
2dd8d861d9 add inventory and move keys 2025-10-30 15:46:32 +08:00
8 changed files with 85 additions and 55 deletions


@@ -25,7 +25,8 @@
outputs =
inputs:
inputs.snowfall-lib.mkFlake {
let
flake = inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
snowfall = {
@@ -41,4 +42,24 @@
allowUnfree = true;
};
};
inv = import ./inventory.nix;
mkNode = name: node: {
imports = [ (./systems/x86_64-linux + "/${name}") ];
deployment.targetHost = node.zerotierIp;
};
colmenaNodes = builtins.mapAttrs mkNode inv.nodes;
colmenaHive = inputs.colmena.lib.makeHive (
{
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
specialArgs = { inherit inputs; };
};
}
// colmenaNodes
);
in
flake // { colmenaHive = colmenaHive; };
}
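Review bot: `mkNode` sets only `deployment.targetHost = node.zerotierIp;`, so the deploy user is left at Colmena's default (root, as far as I know, unless a node module overrides it) and host authentication rests entirely on the operator's local known_hosts; the `sshHostKey` that inventory.nix records for each node is not used here. I would at least document that on `mkNode`, e.g. `# deploys over SSH to the ZeroTier address; check the host key against inv.nodes.<name>.sshHostKey on first connect`, and set `deployment.targetUser` explicitly so the privilege level of the deploy login is visible in the flake. `mkNode` and `meta.nixpkgs` also hard-code `x86_64-linux`, which fits the two current nodes but will need revisiting if a node of another architecture is added. The `let` binding opens in the first hunk and the lines between the two hunks are not shown.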


@@ -22,6 +22,7 @@
pkgs.claude-code
pkgs.codex
pkgs.amp-cli
inputs.colmena.packages.aarch64-darwin.colmena
];
home.sessionVariables = {
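Review bot: `inputs.colmena.packages.aarch64-darwin.colmena` hard-codes the platform inside the package list, so any other host importing this module would be handed a Darwin build. If `pkgs` is in scope here, as the neighbouring entries suggest, `inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena` keeps the same pinned flake input while following the host platform. The list this line belongs to starts outside the hunk.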

21
inventory.nix Normal file

@@ -0,0 +1,21 @@
{
nodes = {
nut-gc2 = {
hostname = "nut-gc2";
zerotierIp = "10.222.0.87";
sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
};
penguin = {
hostname = "penguin";
zerotierIp = "10.222.0.249";
sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
};
};
# User SSH public keys (named) for authorization and agenix recipients.
userKeys = {
yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
};
}
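Review bot: `userKeys` is a single set that, per its comment, serves both SSH authorization and agenix recipients, so one added entry grants login (through `builtins.attrValues inv.userKeys` in `mkUser`) and secret decryption (through `users` in the secrets file) at the same time. That coupling is easy to miss from this file alone; I would spell it out in the comment, e.g. `# every key here is authorized for SSH on all mkUser accounts AND can decrypt k3s.age after the next rekey`, or split the set into separate login and recipient groups. A matching comment on `nodes`, saying that `sshHostKey` is used as an agenix recipient and `zerotierIp` as the Colmena deploy target, would help whoever edits the inventory next.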


@@ -7,9 +7,8 @@
mkUser =
attrs:
let
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG"
];
inv = import ../inventory.nix;
sshKeys = builtins.attrValues inv.userKeys;
in
{
openssh.authorizedKeys.keys = sshKeys;
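Review bot: Switching `sshKeys` to `builtins.attrValues inv.userKeys` widens SSH access: the removed list authorized only the key that inventory.nix now names `yadunut`, while the new expression also authorizes `penguin-yadunut`, whose comment (`yadunut@penguin`) suggests it is stored on one of the managed hosts. If that is not intended, a compromise of that host's user account would extend to every account built by `mkUser`; selecting keys explicitly, `sshKeys = [ inv.userKeys.yadunut ];`, keeps the previous scope. `mkUser` continues past the end of the hunk.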

Binary file not shown.


@@ -1,12 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 Gc/MTQ 1VXVmIQH+4s2AkBbf8BdOp65oDDlxfMYYE184LUggFo
xpUXhXkFiUa3FcWBazPt7l0bPYrurOsn2+MZVxHp0XE
-> ssh-ed25519 mOIk4w jdEZYWfNwjmsVhKWo/ucReyRLVgeRICAGP5n6mvJOQg
YuyZTijB3BNxTPKebLmEsfJkRh7/8JETG5eOqgU+fOY
-> ssh-ed25519 l9wOAw /OGUnqDH738Yk51Snn7VC1JPBTMU497vBSaKD0qWbAs
+sgfXtvA9g3X5YPr5YcoWo7Ljkxrs3O++aNA6GphU/4
-> ssh-ed25519 cPJ/Ew otg3F8Xt7vYkvjFv3/4OtSG8Q/8/z2IOF9h9q6wiuSc
EI4BL10EGys4Vd1+DiU1u69CB8feEqNw9saqqclvgG4
--- rqGI3Z4Pd3PDtH7RHfx5FRDu4AZudXZ1Cfv8Cvz/IAw
<EFBFBD><EFBFBD><1A><><EFBFBD><EFBFBD>}Av<41>!<21>@<40>h*<2A><><EFBFBD>8H?<3F>h<19><><EFBFBD>
mr8<EFBFBD><EFBFBD>7M4>8<><38><EFBFBD>B<EFBFBD><42>6<EFBFBD><36>w
-> ssh-ed25519 mOIk4w b5tjwFCxGwOsQSRQTuyW45PM4UUIePIYfZ1TxtN/uXY
9JBcEmgtq7IbvQ4aSNntlWq756MCOhyPeyYxdSpZXac
-> ssh-ed25519 Gc/MTQ ilPM4uAYGwFNJRUPdyU4TEQFI6wSR6e53X5Vl8sFqXk
ejbXYpUcfyZ0ALMEdmXCl0ELdI3wyH+4gje0ljSLzO4
-> ssh-ed25519 cPJ/Ew IXILaJ9gLqpuNme7Q9TKmfh0z4OsZWWd2exrnC7pX1U
VTkE9sX8UVvaQwsuOFzimdn4yjYNSDZ4xofzCWPfe1I
-> ssh-ed25519 l9wOAw DuSvKg4h9Ht8YY4WKfyJuS72MAmXOIxUmDvzCOyMoXU
WobjJwvGz0GxVoyn12kKC4FTIRkQiTH9NOK7pmuWLvE
--- 2sPIIJsPAciSrEjOO/ZKxdIByFiFvoVZ3gSs3TvRFQ4
<EFBFBD><EFBFBD>̊<EFBFBD>+?]<5D><>P<EFBFBD><50>Z@E`<60><><EFBFBD><EFBFBD><14>h<EFBFBD><68>6<EFBFBD><36>֧_jXx<58>_X<5F>}^{%<25>f |<7C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>h<EFBFBD><68>p<EFBFBD><70><EFBFBD><EFBFBD><7F>-D<1C><><EFBFBD><EFBFBD><@$<24>w<EFBFBD> x<>1<02><><EFBFBD><EFBFBD><EFBFBD>x<EFBFBD>}N<>مgj<67><6A>J<EFBFBD><4A><EFBFBD><19><><EFBFBD><EFBFBD><EFBFBD>;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2O


@@ -1,19 +1,9 @@
let
mbp-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
users = [
mbp-yadunut
penguin-yadunut
];
penguin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
gc2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
systems = [
penguin-host
gc2-host
];
inv = import ../inventory.nix;
users = builtins.attrValues inv.userKeys;
systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);
in
{
"k3s.age".publicKeys = users ++ systems;
"btrbk-keyfile.age".publicKeys = systems ++ [ mbp-yadunut ];
"btrbk-keyfile.age".publicKeys = systems ++ [ inv.userKeys.yadunut ];
}
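Review bot: `systems` is now derived from every entry in `inv.nodes`, so any host added to the inventory becomes a recipient of both `k3s.age` and `btrbk-keyfile.age` on the next rekey, whether or not it needs them. The resulting key set appears to match the removed explicit lists today, so nothing changes yet, but the least-privilege decision has moved out of this file. I would either list recipients per secret (for example `[ inv.nodes.penguin.sshHostKey ]` where only one host consumes the secret) or add a comment such as `# recipients follow inventory.nix; run agenix --rekey after editing it and review who gains access`.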


@@ -42,10 +42,6 @@ in
time.timeZone = "Asia/Singapore";
services.udev.extraRules = ''
ATTR{address}=="00:72:f1:f7:47:db", NAME="ens3"
'';
networking = {
nameservers = [
"1.1.1.1"
@@ -104,12 +100,19 @@ in
];
};
};
services.openssh = {
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
services.tailscale.enable = true;
zerotierone = {
enable = true;
joinNetworks = [ "23992b9a659115b6" ];
};
udev.extraRules = ''
ATTR{address}=="00:72:f1:f7:47:db", NAME="ens3"
'';
};
environment.systemPackages = with pkgs; [
git
@@ -117,10 +120,6 @@ in
btop
];
services.zerotierone = {
enable = true;
joinNetworks = [ "23992b9a659115b6" ];
};
system.stateVersion = "25.11";
};
}
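Review bot: With Colmena now deploying to this host over SSH, the regrouped `openssh` block in the second hunk still only sets `settings.PasswordAuthentication = false;` and leaves root login and keyboard-interactive authentication at the module defaults. Making them explicit, `settings.PermitRootLogin = "prohibit-password";` and `settings.KbdInteractiveAuthentication = false;`, documents what the deploy path depends on and guards against a default changing underneath it. The module starts outside the hunks, so these may already be set elsewhere.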