Commit 8df1cb5

HPCesia <me@hpcesia.com>
2026-04-25 04:17:35
feat: new host - mobius
1 parent e0c75f3
modules/hosts/kevin/default.nix
@@ -9,7 +9,7 @@ in {
   #############################################################
   #
   #  Kevin - NixOS running on ThinkBook 16P G5 IRX
-  #  My main computer, with I7-14650HX + RTX4060 Laptop GPU + 48GB memory, for daily use.
+  #  My main computer, with I7-14650HX + RTX4060 Laptop GPU + 32GB memory, for daily use.
   #
   #############################################################
   den.hosts.x86_64-linux.kevin = {
modules/hosts/mobius/hardware/cpu-amd.nix
@@ -0,0 +1,16 @@
+{inputs, ...}: {
+  den.aspects.mobius.nixos = {
+    imports = with inputs.nixos-hardware.nixosModules; [
+      common-cpu-amd
+    ];
+
+    hardware.enableRedistributableFirmware = true;
+
+    hardware.graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
+
+    boot.kernelModules = ["kvm_amd"];
+  };
+}
modules/hosts/mobius/hardware/misc.nix
@@ -0,0 +1,23 @@
+{inputs, ...}: {
+  den.aspects.mobius.nixos = {pkgs, ...}: {
+    imports = with inputs.nixos-hardware.nixosModules; [
+      common-pc-ssd
+    ];
+
+    boot.initrd.availableKernelModules = [
+      "xhci_pci"
+      "nvme"
+      "thunderbolt"
+      "usbhid"
+      "usb_storage"
+      "sd_mod"
+    ];
+
+    # Thunderbolt
+    services.hardware.bolt.enable = true;
+    networking.firewall.trustedInterfaces = ["thunderbolt0"];
+
+    # Bluetooth
+    hardware.bluetooth.enable = true;
+  };
+}
modules/hosts/mobius/services/default.nix
@@ -0,0 +1,38 @@
+{den, ...}: let
+  inherit (den.lib) __findFile;
+in {
+  den.aspects.mobius.includes = [
+    <services/forgejo-runner>
+    (<services/forgejo-runner/instance> {
+      instance = "default";
+      name = "runner@pardofelis.hpcesia.com";
+      servers = {
+        myforgejo = {
+          url = "https://repo.hpcesia.com/";
+          uuid = "8397d44d-b88d-4a7e-8136-6f81222e0998";
+          tokenFileAged = ./forgejo-runner-myforgejo-token.age;
+          labels = [
+            "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+            "nixos-latest:docker://repo.hpcesia.com/hpcesia/nix-act-image:latest-x86_64"
+          ];
+        };
+        codeberg = {
+          url = "https://codeberg.org/";
+          uuid = "6fdd1db9-24a1-4886-ae8c-a9eb9e2b5e6c";
+          tokenFileAged = ./forgejo-runner-codeberg-token.age;
+          labels = [
+            "nixos-latest:docker://repo.hpcesia.com/hpcesia/nix-act-image:latest-x86_64"
+          ];
+        };
+      };
+    })
+
+    <services/mihomo>
+
+    <services/podman>
+
+    <services/restic>
+
+    (<services/tailscale> ./tailscale-authkey.age)
+  ];
+}
modules/hosts/mobius/services/forgejo-runner-codeberg-token.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 849TbL67frW6VBxo50dLFjOrIXhVp0na2++y7JEmQzs
+dEmU4T0/EWhtkLJ1UPFMsGT28y78fa78dm20ZD8Kj/w
+-> x>T5_-grease ,
+Tm6Z+x6KjOHXZsz/4nSeszDxT0ne5Y7yUF4UPeJpY68pFUCqYNl7gdn/pzo0HrtK
+VAIPIgrJv4kY81irVsYmds+48dntQB4IacjCYg
+--- atavQGHcJKRoctic6eJSC23ouRc2VuAcM4rTLBSf6hc
+�?����Y����T�������,�8
+�Hj81����i��hB�W�03̒~y�n����B��ș�
��"���
\ No newline at end of file
modules/hosts/mobius/services/forgejo-runner-myforgejo-token.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 JJTxJQeUkZq8QvD9tdy6CpMd+uP8AoUDxQviJMi5lTQ
+DUDUzwwwoX+McnBvbiWw4XCCnyHJXn+nzjLegRyAAIk
+-> y-grease
+1gpx20lalyrqeX9kzARgrJIZESM8wYcUDHT3sJiHVgZOvrBoU/RfbxHqowpuHOhB
+iBXCMBhR1U1WvYh1Gy11W3anRDUxXH87ruS+KSWKPL3xSvDNROxHU6LOiy/i40eA
+jJH+
+--- e5Xi9oBmuutQLad1TmMEkV3xfLo0aA2niX6gDPE717o
+�u8,�;����Lv��`�΍Hw�2���n�T��2��?�Ĉ�nRa��Y!�C��{�#"|������v��4w
\ No newline at end of file
modules/hosts/mobius/services/tailscale-authkey.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 M+7w4L86jnl4edjQdUdDODF262QV/RosFOagGDjyhGg
+1YvwL1wQH/QhCIbbXeB7BhSR8jCHVk/AU0MDSXQh6sY
+-> vycz4tp-grease i9!B< j*i&EY *H>? NHA>3
+RoZEdyywqOud7Ll1s3Z5NFT/IJMezBfINg
+--- OOEGaBWMpeOxM0IzyFxCG49QHULVQ5l45RLgLAIy5Sc
+\5'$9�E��2U:�ʇ�i�a�v���86j�p'O�@w1q��������$��G��S�heŃ���4����d3��Q?��IA��p!�
�g�)�C�A�8���WdTapK��/5�D��
\ No newline at end of file
modules/hosts/mobius/boot.nix
@@ -0,0 +1,20 @@
+{
+  den.aspects.mobius.nixos = {
+    boot.loader = {
+      grub = {
+        enable = true;
+        devices = ["nodev"];
+        efiSupport = true;
+        gfxmodeEfi = "1024x768";
+      };
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+
+    boot.initrd.systemd = {
+      enable = true;
+    };
+  };
+}
modules/hosts/mobius/default.nix
@@ -0,0 +1,45 @@
+{
+  inputs,
+  config,
+  den,
+  ...
+}: let
+  inherit (den.lib) __findFile;
+in {
+  #############################################################
+  #
+  #  Mobius - NixOS running on Topfell DeskOne T2
+  #  My first homelab server, with Ryzen 7 H 255 + 16GB memory.
+  #
+  #############################################################
+  den.hosts.x86_64-linux.mobius = {
+    usage = "server";
+    pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMesHdI8FLpEPr6KG7t50+d+jKntmtAKvPT9amqdPaaz root@mobius";
+    hashedPasswordAged = ./hashed-password.age;
+    sshPorts = [21632];
+    authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMKaGC2I3an4AJDeWzVx5vhm63+kxi6zJNdh7yEp6CK hpcesia@kevin"];
+    tailscaleIpv4 = "100.64.0.2";
+    tailscaleIpv6 = "fd7a:115c:a1e0::2";
+    users.hpcesia.classes = ["homeManager"];
+    instantiate = {modules}:
+      inputs.nixpkgs.lib.nixosSystem {
+        inherit modules;
+
+        # Fix vaultix error: attribute 'inputs' missing
+        # This is an anti-pattern of Dendritic Pattern
+        # I don't like this, but I don't see another way
+        specialArgs = {inherit (inputs) self;};
+      };
+  };
+
+  den.aspects.mobius.includes = [
+    # I can physically access Mobius,
+    # so I want a full featured console for emergency access.
+    <desktop/fonts>
+    <desktop/kmscon>
+  ];
+
+  den.aspects.mobius.provides.to-users.includes = [
+    <desktop/no-stylix> # Mobius is not desktop
+  ];
+}
modules/hosts/mobius/filesystem.nix
@@ -0,0 +1,33 @@
+{
+  den.aspects.mobius.nixos = {
+    swapDevices = [
+      {
+        device = "/dev/disk/by-uuid/65d34919-c7fc-4920-b110-05dea8e21bbb";
+      }
+    ];
+
+    fileSystems."/" = {
+      device = "/dev/disk/by-uuid/981af563-01b0-4863-b8ef-b1f1d5c7059b";
+      fsType = "btrfs";
+      options = ["subvol=root" "compress=zstd"];
+    };
+
+    fileSystems."/nix" = {
+      device = "/dev/disk/by-uuid/981af563-01b0-4863-b8ef-b1f1d5c7059b";
+      fsType = "btrfs";
+      options = ["subvol=nix" "noatime" "compress=zstd"];
+    };
+
+    fileSystems."/home" = {
+      device = "/dev/disk/by-uuid/981af563-01b0-4863-b8ef-b1f1d5c7059b";
+      fsType = "btrfs";
+      options = ["subvol=home" "compress=zstd"];
+    };
+
+    fileSystems."/boot" = {
+      device = "/dev/disk/by-uuid/CD11-3A7D";
+      fsType = "vfat";
+      options = ["fmask=0022" "dmask=0022"];
+    };
+  };
+}
modules/hosts/mobius/hashed-password.age
Binary file
modules/hosts/mobius/networking.nix
@@ -0,0 +1,21 @@
+{
+  lib,
+  den,
+  ...
+}: {
+  den.aspects.mobius.nixos = {
+    networking = {
+      networkmanager.enable = true;
+      interfaces."wlp3s0" = {};
+    };
+  };
+
+  den.aspects.mobius.provides.ssh.homeManager = {osConfig, ...}: {
+    # Mobius is a homelab server and have no IPv4 address, so I have to use Tailscale for remote access.
+    programs.ssh.extraConfig = lib.mkIf (osConfig.services.tailscale.enable) ''
+      Host mobius
+        Port ${toString (lib.elemAt den.hosts.x86_64-linux.mobius.sshPorts 0)}
+        HostName ${den.hosts.x86_64-linux.mobius.tailscaleIpv4}
+    '';
+  };
+}
modules/hosts/mobius/state-version.nix
@@ -0,0 +1,17 @@
+{
+  den.aspects.mobius = let
+    stateVersion = "25.11";
+  in {
+    nixos = {
+      # DO NOT FIDDLE WITH THIS VALUE !!!
+      # This value determines the NixOS release from which the default
+      # settings for stateful data, like file locations and database versions
+      # on your system were taken.
+      # Before changing this value (which you shouldn't do unless you have
+      # REALLY NECESSARY reason to do this) read the documentation for this option
+      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html)
+      # and release notes, SERIOUSLY.
+      system.stateVersion = stateVersion; # Did you read the comment?
+    };
+  };
+}
modules/users/hpcesia/default.nix
@@ -33,6 +33,7 @@ in {
   # host specific configuration for kevin
   den.aspects.hpcesia.provides.kevin.includes = [
     <pardofelis/ssh>
+    <mobius/ssh>
   ];
 
   den.aspects.hpcesia.nixos = {config, ...}: {
secrets/cache/mobius/0d7ca820c3ab29f0e241a6272ede15f4b5bb5f51fb17c85a0579204041dd2542
Binary file
secrets/cache/mobius/19341e15bbe357479ae0f18f60df91b576e4195d0ca05c74efdbc2b7ba933e31
Binary file
secrets/cache/mobius/4bf2a733f28492cd2a6911c39dead796cbb5f825d6cad9f21b49410f2813d40d
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w feFNK5iN7p2cx+FB2qAkgEODQQxaDozRG6GY/r2q/DI
+4lCwLoY/sDp8QK6bj8tP8sxAnvXe+3ADbERXbjBSNPg
+-> p-grease !0 O!OM M5C 4g
+/X5QdUmmgB2N6AMV+ZVZXcjcp0IY2w8MySdTXg
+--- xWS7W2PyZIMPOIR2aDUBtsyX+102qJi9oFmSIQ366Kg
+aJ�z2��*��[T���]�~yk��G�4��8�
�����9�l����R����b�$���Ȃ�#�w0��#~�:�2�[�i��Às�������O���,]x��I�$�t_�
\ No newline at end of file
secrets/cache/mobius/518827c8084887cc68d9ece0e4b44fda10dddcb114397cee1c96756caa200a41
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w HE/EzvELgAlw+2jeJZjE1/UItuDLuuCmSQHl/zHSkF4
+FKdZQ4aOGb430kaoT848xUjP/u5tBQp2oksMQ4k3DHs
+-> |m7Lb+-grease l?_4(v :"&^"[ }@[rW E
+wZ20Ao7dRUgge6nF
+--- uhpq2GVJ0hKPmkyzrzbImkrhhlYXTP6yJrPZuJYAgGk
+r�a!|��)�L,�l-1j�,�'�8m�9-e���R��8�����}ڣ�X]�ܛ����Ğ�C7rV���&�Q4�x�	x7
��?���2�=$�uX�窬do�R~yK�,
\ No newline at end of file
secrets/cache/mobius/805f008a61c5c78773cdc68aa817b9e17856b78bedc92c9389cb278e6462be8a
Binary file
secrets/cache/mobius/95deda8cb4f9597f464dcc6184c8f54e0a150af1ff7a8f53c4ad0d0c396f5603
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w vvhSiAXHSuFPv3aBWuetRKxHy+ypEB+y4/8WcWctYR4
+29yf4TmvSsLjga/sOmOEZAP+El4E3gus5zhNF5t69Jo
+-> u0<2-grease
+iTWry5C3KX7BQ1rRGxJY9RxfYFZRxVaUUowyHtFdyFvYH5TmlIJqs/dgxMo9A2s
+--- 3XKwkf1XAFc2oAJQ+5fsRQbKdaFOUVjTgZx+6dFDMHg
+֒7m�
+J��R.��������H2U�C3��%�(:�h׶��I�[5����i��|�����Dټ�TUϺ
\ No newline at end of file
secrets/cache/mobius/a89a977518240617a7341ae374e90c8b0b41c2b3833248d25808d2de12948986
Binary file
secrets/cache/mobius/ae12b87c5a6de02867ce7ce8d7b800988f0025e5b8f050111b3633390602cccd
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w fKgEbbelVcv/7bNi+TlI3/s9uxRTdzWuF8Qqp0l0tAY
+mK9DQ0IkGbosQKDG1EdqDvzKupWYnWL5S+Jk5xHuRyk
+-> 5g-grease `5!
+D94WHmNm0Ohza3EJUp2blgGbT9NvAI+HfZDUEFGkTVZGI/7uHgLEP0Y+vD5FPXlP
+JENf31v38SsQs/WL8NdCh7E2vKwvpdQsP0D66dKKIw
+--- AwjfXbkvtwVOzfCLQYXy9N+iMlpBcEgmYbFKRJ4NcHo
+��b �#���*�����3�Kw������룁���(+%=���}���ɽX��P1��Ӫ�'�ܑ�!�!m.�!y�eZ����DZ���o�ZVlb�.��u1u�3�Pn
\ No newline at end of file
secrets/cache/mobius/bf26308830dea9f1d7cd2c6e52c495055c1a1dda1c1de8be5850e93e780311a6
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w QdJpA5wyElYB23A9KI6cSORJ9lTJbOpOBMuGyxn35jM
+2I0U56nlas6WCfvTkqFUIWD1TZX0QIQPEJ5KcD/vcvA
+-> <"4-grease #v
+PqMKx0N96oxWMfLPdt4V
+--- R8Z5xKsu5PdZHsIdBN/wFn/nEPrsgnSmehIo/9LGG98
+q�5���g��8�	k����t	�<������v#�%�
+UX�����N�[�O�D�626���gx��X
�K�gf��|z��"���������D�@n�ns�&L<����)/|��Mpp�LÉ6=�Z
\ No newline at end of file
secrets/cache/mobius/db90442c27fa0da811682d51c3c8e95200a6219e154e11dad5f80e761cc9706b
Binary file
secrets/cache/mobius/e4a7b7d1c72f87e057d58ff8b5c71556e071c13dc1c98dcbaf3377b2b20701dc
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w NshgTW23+Kmir/p7/qpF3yjeagdXPherBN7uIPAnSw4
+zQyUInPQ0EeDU+FqCxbduaHTAAUB6R9UHw0dUVAsKPU
+-> ~->&!/=-grease
+EgvCpZxuz2JbHKwbQeAmB6R1ylH4kMzeBOO+k0GJptSGDbwKRYOeyF2HjXHWImJ3
+ukOX+L7R36vgqSRg7lqKloLQqg
+--- JcjyqjZXD5cJFbfd/JT4T38dUmnUQxMZp+qip/h4o08
+�����ʯ�w�
��.�ǁ7��gs��b�,L#�C�'s��i	L۳��ZmZ5� �
S��
#`�
+2�A�D�>�|�@xa�� ��i�ۥ)���|�᫻85
g���bȞ��<̚��&�^?B�I
\ No newline at end of file