Commit 8df1cb5
Changed files (25)
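--- a/modules/hosts/kevin/default.nix
+++ b/modules/hosts/kevin/default.nix
@@ -9,7 +9,7 @@ in {
 #############################################################
 #
 # Kevin - NixOS running on ThinkBook 16P G5 IRX
- # My main computer, with I7-14650HX + RTX4060 Laptop GPU + 48GB memory, for daily use.
+ # My main computer, with I7-14650HX + RTX4060 Laptop GPU + 32GB memory, for daily use.
 #
 #############################################################
 den.hosts.x86_64-linux.kevin = {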
modules/hosts/mobius/hardware/cpu-amd.nix
@@ -0,0 +1,16 @@
+{inputs, ...}: {
+ den.aspects.mobius.nixos = {
+ imports = with inputs.nixos-hardware.nixosModules; [
+ common-cpu-amd
+ ];
+
+ hardware.enableRedistributableFirmware = true;
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
+
+ boot.kernelModules = ["kvm_amd"];
+ };
+}
modules/hosts/mobius/hardware/misc.nix
@@ -0,0 +1,23 @@
+{inputs, ...}: {
+ den.aspects.mobius.nixos = {pkgs, ...}: {
+ imports = with inputs.nixos-hardware.nixosModules; [
+ common-pc-ssd
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "thunderbolt"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+
+ # Thunderbolt
+ services.hardware.bolt.enable = true;
+ networking.firewall.trustedInterfaces = ["thunderbolt0"];
+
+ # Bluetooth
+ hardware.bluetooth.enable = true;
+ };
+}
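Review bot: `networking.firewall.trustedInterfaces = ["thunderbolt0"];` exempts that interface from the firewall entirely, so any peer that brings up a Thunderbolt network link to this machine can reach every listening service, not only the ones meant for that link. Whether the `services.hardware.bolt` authorization also gates host-to-host networking is not visible in this hunk, so it should not be relied on as the only control. Opening just the ports that are needed is narrower, e.g. `networking.firewall.interfaces."thunderbolt0".allowedTCPPorts = [ <PORTS_NEEDED> ];`, together with a comment saying what the link is used for. The `pkgs` argument in `{pkgs, ...}:` is unused in this file and can be dropped.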
modules/hosts/mobius/services/default.nix
@@ -0,0 +1,38 @@
+{den, ...}: let
+ inherit (den.lib) __findFile;
+in {
+ den.aspects.mobius.includes = [
+ <services/forgejo-runner>
+ (<services/forgejo-runner/instance> {
+ instance = "default";
+ name = "runner@pardofelis.hpcesia.com";
+ servers = {
+ myforgejo = {
+ url = "https://repo.hpcesia.com/";
+ uuid = "8397d44d-b88d-4a7e-8136-6f81222e0998";
+ tokenFileAged = ./forgejo-runner-myforgejo-token.age;
+ labels = [
+ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+ "nixos-latest:docker://repo.hpcesia.com/hpcesia/nix-act-image:latest-x86_64"
+ ];
+ };
+ codeberg = {
+ url = "https://codeberg.org/";
+ uuid = "6fdd1db9-24a1-4886-ae8c-a9eb9e2b5e6c";
+ tokenFileAged = ./forgejo-runner-codeberg-token.age;
+ labels = [
+ "nixos-latest:docker://repo.hpcesia.com/hpcesia/nix-act-image:latest-x86_64"
+ ];
+ };
+ };
+ })
+
+ <services/mihomo>
+
+ <services/podman>
+
+ <services/restic>
+
+ (<services/tailscale> ./tailscale-authkey.age)
+ ];
+}
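Review bot: Both runner labels point at floating image tags (`ubuntu:act-latest` and `nix-act-image:latest-x86_64`), so the environment that CI jobs run in on this host changes whenever a tag is re-pushed, with no reviewable change in this repository. Pinning each image to a digest or a dated tag, for example `docker://ghcr.io/catthehacker/ubuntu:act-latest@sha256:<DIGEST>` (assuming the runner's label parser accepts a digest suffix), turns every image update into an explicit commit. Separately, `name = "runner@pardofelis.hpcesia.com"` looks carried over from the pardofelis host; if the `uuid` values or tokens are also shared with that runner, the two machines would register as the same runner, so this is worth confirming and renaming. The same includes list puts the runner next to `restic` and `tailscale`; how much of the host the job containers can reach depends on the `forgejo-runner` and `podman` modules, which are outside this diff.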
modules/hosts/mobius/services/forgejo-runner-codeberg-token.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 849TbL67frW6VBxo50dLFjOrIXhVp0na2++y7JEmQzs
+dEmU4T0/EWhtkLJ1UPFMsGT28y78fa78dm20ZD8Kj/w
+-> x>T5_-grease ,
+Tm6Z+x6KjOHXZsz/4nSeszDxT0ne5Y7yUF4UPeJpY68pFUCqYNl7gdn/pzo0HrtK
+VAIPIgrJv4kY81irVsYmds+48dntQB4IacjCYg
+--- atavQGHcJKRoctic6eJSC23ouRc2VuAcM4rTLBSf6hc
+�?����Y����T�������,�8
+�Hj81����i��hB�W�03̒~y�n����B��ș�
��"���
\ No newline at end of file
modules/hosts/mobius/services/forgejo-runner-myforgejo-token.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 JJTxJQeUkZq8QvD9tdy6CpMd+uP8AoUDxQviJMi5lTQ
+DUDUzwwwoX+McnBvbiWw4XCCnyHJXn+nzjLegRyAAIk
+-> y-grease
+1gpx20lalyrqeX9kzARgrJIZESM8wYcUDHT3sJiHVgZOvrBoU/RfbxHqowpuHOhB
+iBXCMBhR1U1WvYh1Gy11W3anRDUxXH87ruS+KSWKPL3xSvDNROxHU6LOiy/i40eA
+jJH+
+--- e5Xi9oBmuutQLad1TmMEkV3xfLo0aA2niX6gDPE717o
+�u8,�;����Lv��`�Hw�2���n�T��2��?�Ĉ�nRa��Y!�C��{�#"|������v��4w
\ No newline at end of file
modules/hosts/mobius/services/tailscale-authkey.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 M+7w4L86jnl4edjQdUdDODF262QV/RosFOagGDjyhGg
+1YvwL1wQH/QhCIbbXeB7BhSR8jCHVk/AU0MDSXQh6sY
+-> vycz4tp-grease i9!B< j*i&EY *H>? NHA>3
+RoZEdyywqOud7Ll1s3Z5NFT/IJMezBfINg
+--- OOEGaBWMpeOxM0IzyFxCG49QHULVQ5l45RLgLAIy5Sc
+\5'$9�E��2U:�ʇ�i�a�v���86j�p'O�@w1q��������$��G��S�heŃ���4����d3��Q?��IA��p!�
�g�)�C�A�8���WdTapK��/5�D��
\ No newline at end of file
modules/hosts/mobius/boot.nix
@@ -0,0 +1,20 @@
+{
+ den.aspects.mobius.nixos = {
+ boot.loader = {
+ grub = {
+ enable = true;
+ devices = ["nodev"];
+ efiSupport = true;
+ gfxmodeEfi = "1024x768";
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+
+ boot.initrd.systemd = {
+ enable = true;
+ };
+ };
+}
modules/hosts/mobius/default.nix
@@ -0,0 +1,45 @@
+{
+ inputs,
+ config,
+ den,
+ ...
+}: let
+ inherit (den.lib) __findFile;
+in {
+ #############################################################
+ #
+ # Mobius - NixOS running on Topfell DeskOne T2
+ # My first homelab server, with Ryzen 7 H 255 + 16GB memory.
+ #
+ #############################################################
+ den.hosts.x86_64-linux.mobius = {
+ usage = "server";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMesHdI8FLpEPr6KG7t50+d+jKntmtAKvPT9amqdPaaz root@mobius";
+ hashedPasswordAged = ./hashed-password.age;
+ sshPorts = [21632];
+ authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMKaGC2I3an4AJDeWzVx5vhm63+kxi6zJNdh7yEp6CK hpcesia@kevin"];
+ tailscaleIpv4 = "100.64.0.2";
+ tailscaleIpv6 = "fd7a:115c:a1e0::2";
+ users.hpcesia.classes = ["homeManager"];
+ instantiate = {modules}:
+ inputs.nixpkgs.lib.nixosSystem {
+ inherit modules;
+
+ # Fix vaultix error: attribute 'inputs' missing
+ # This is an anti-pattern of Dendritic Pattern
+ # I don't like this, but I don't see another way
+ specialArgs = {inherit (inputs) self;};
+ };
+ };
+
+ den.aspects.mobius.includes = [
+ # I can physically access Mobius,
+ # so I want a full featured console for emergency access.
+ <desktop/fonts>
+ <desktop/kmscon>
+ ];
+
+ den.aspects.mobius.provides.to-users.includes = [
+ <desktop/no-stylix> # Mobius is not desktop
+ ];
+}
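Review bot: `sshPorts = [21632]` is declared next to the Tailscale addresses, but nothing in this hunk records on which interfaces that port is meant to be reachable. `modules/hosts/mobius/networking.nix` in the same commit says remote access goes through Tailscale, so if the module that consumes `sshPorts` opens the port in the global firewall, sshd is also exposed on the LAN and on any routable IPv6 address. A comment such as `# sshd is reached over Tailscale only; open this port on tailscale0, not globally` would document the intent, and the consuming module (outside this diff) should be checked against it. It would also help to state whether `hashedPasswordAged` is for console login only, i.e. that SSH password authentication stays disabled.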
modules/hosts/mobius/filesystem.nix
@@ -0,0 +1,33 @@
+{
+ den.aspects.mobius.nixos = {
+ swapDevices = [
+ {
+ device = "/dev/disk/by-uuid/65d34919-c7fc-4920-b110-05dea8e21bbb";
+ }
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/981af563-01b0-4863-b8ef-b1f1d5c7059b";
+ fsType = "btrfs";
+ options = ["subvol=root" "compress=zstd"];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/981af563-01b0-4863-b8ef-b1f1d5c7059b";
+ fsType = "btrfs";
+ options = ["subvol=nix" "noatime" "compress=zstd"];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/981af563-01b0-4863-b8ef-b1f1d5c7059b";
+ fsType = "btrfs";
+ options = ["subvol=home" "compress=zstd"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/CD11-3A7D";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+ };
+}
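Review bot: The `/boot` mount uses `fmask=0022` and `dmask=0022`, which leaves every file on the ESP readable by all local users; with `efiSysMountPoint = "/boot"` in `boot.nix`, that includes the kernels and initrd images. If an initrd ever carries secrets they would be readable by any account or service on the host, so `options = ["fmask=0077" "dmask=0077"];` is the safer default and does not affect booting. No encryption layer for root, home or swap is visible in this commit either; if that is a deliberate trade-off for unattended reboots, a short comment saying so would help the next reader.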
modules/hosts/mobius/hashed-password.age
Binary file
modules/hosts/mobius/networking.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ den,
+ ...
+}: {
+ den.aspects.mobius.nixos = {
+ networking = {
+ networkmanager.enable = true;
+ interfaces."wlp3s0" = {};
+ };
+ };
+
+ den.aspects.mobius.provides.ssh.homeManager = {osConfig, ...}: {
+ # Mobius is a homelab server and have no IPv4 address, so I have to use Tailscale for remote access.
+ programs.ssh.extraConfig = lib.mkIf (osConfig.services.tailscale.enable) ''
+ Host mobius
+ Port ${toString (lib.elemAt den.hosts.x86_64-linux.mobius.sshPorts 0)}
+ HostName ${den.hosts.x86_64-linux.mobius.tailscaleIpv4}
+ '';
+ };
+}
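Review bot: The generated `Host mobius` block connects to the bare Tailscale address, so OpenSSH looks up the host key under `[100.64.0.2]:21632` rather than under the name `mobius`. Unless known-hosts entries are generated elsewhere from the `pubkey` declared in `default.nix` for exactly that address, the first connection falls back to trust-on-first-use. Adding `HostKeyAlias mobius` to the block, and publishing the declared key under that name (for instance through `programs.ssh.knownHosts` on the NixOS side), pins the key independently of the address. Minor: `lib.elemAt … 0` can be written `lib.head …`, and the comment should read "has no IPv4 address".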
modules/hosts/mobius/state-version.nix
@@ -0,0 +1,17 @@
+{
+ den.aspects.mobius = let
+ stateVersion = "25.11";
+ in {
+ nixos = {
+ # DO NOT FIDDLE WITH THIS VALUE !!!
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken.
+ # Before changing this value (which you shouldn't do unless you have
+ # REALLY NECESSARY reason to do this) read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html)
+ # and release notes, SERIOUSLY.
+ system.stateVersion = stateVersion; # Did you read the comment?
+ };
+ };
+}
modules/users/hpcesia/default.nix
@@ -33,6 +33,7 @@ in {
# host specific configuration for kevin
den.aspects.hpcesia.provides.kevin.includes = [
<pardofelis/ssh>
+ <mobius/ssh>
];
den.aspects.hpcesia.nixos = {config, ...}: {
secrets/cache/mobius/0d7ca820c3ab29f0e241a6272ede15f4b5bb5f51fb17c85a0579204041dd2542
Binary file
secrets/cache/mobius/19341e15bbe357479ae0f18f60df91b576e4195d0ca05c74efdbc2b7ba933e31
Binary file
secrets/cache/mobius/4bf2a733f28492cd2a6911c39dead796cbb5f825d6cad9f21b49410f2813d40d
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w feFNK5iN7p2cx+FB2qAkgEODQQxaDozRG6GY/r2q/DI
+4lCwLoY/sDp8QK6bj8tP8sxAnvXe+3ADbERXbjBSNPg
+-> p-grease !0 O!OM M5C 4g
+/X5QdUmmgB2N6AMV+ZVZXcjcp0IY2w8MySdTXg
+--- xWS7W2PyZIMPOIR2aDUBtsyX+102qJi9oFmSIQ366Kg
+aJ�z2��*��[T���]�~yk��G�4��8�
�����9�l����R����b�$���Ȃ�#�w0��#~�:�2�[�i��Às�������O���,]x��I�$�t_�
\ No newline at end of file
secrets/cache/mobius/518827c8084887cc68d9ece0e4b44fda10dddcb114397cee1c96756caa200a41
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w HE/EzvELgAlw+2jeJZjE1/UItuDLuuCmSQHl/zHSkF4
+FKdZQ4aOGb430kaoT848xUjP/u5tBQp2oksMQ4k3DHs
+-> |m7Lb+-grease l?_4(v :"&^"[ }@[rW E
+wZ20Ao7dRUgge6nF
+--- uhpq2GVJ0hKPmkyzrzbImkrhhlYXTP6yJrPZuJYAgGk
+r�a!|��)�L,�l-1j�,�'�8m�9-e���R��8�����}ڣ�X]�ܛ����Ğ�C7rV���&�Q4�x� x7
��?���2�=$�uX�窬do�R~yK�,
\ No newline at end of file
secrets/cache/mobius/805f008a61c5c78773cdc68aa817b9e17856b78bedc92c9389cb278e6462be8a
Binary file
secrets/cache/mobius/95deda8cb4f9597f464dcc6184c8f54e0a150af1ff7a8f53c4ad0d0c396f5603
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w vvhSiAXHSuFPv3aBWuetRKxHy+ypEB+y4/8WcWctYR4
+29yf4TmvSsLjga/sOmOEZAP+El4E3gus5zhNF5t69Jo
+-> u0<2-grease
+iTWry5C3KX7BQ1rRGxJY9RxfYFZRxVaUUowyHtFdyFvYH5TmlIJqs/dgxMo9A2s
+--- 3XKwkf1XAFc2oAJQ+5fsRQbKdaFOUVjTgZx+6dFDMHg
+֒7m�
+J��R.��������H2U�C3��%�(:�h��I�[5����i��|�����Dټ�TUϺ
\ No newline at end of file
secrets/cache/mobius/a89a977518240617a7341ae374e90c8b0b41c2b3833248d25808d2de12948986
Binary file
secrets/cache/mobius/ae12b87c5a6de02867ce7ce8d7b800988f0025e5b8f050111b3633390602cccd
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w fKgEbbelVcv/7bNi+TlI3/s9uxRTdzWuF8Qqp0l0tAY
+mK9DQ0IkGbosQKDG1EdqDvzKupWYnWL5S+Jk5xHuRyk
+-> 5g-grease `5!
+D94WHmNm0Ohza3EJUp2blgGbT9NvAI+HfZDUEFGkTVZGI/7uHgLEP0Y+vD5FPXlP
+JENf31v38SsQs/WL8NdCh7E2vKwvpdQsP0D66dKKIw
+--- AwjfXbkvtwVOzfCLQYXy9N+iMlpBcEgmYbFKRJ4NcHo
+��b �#���*�����3�Kw������룁���(+%=���}���ɽX��P1��Ӫ�'�ܑ�!�!m.�!y�eZ����DZ���o�ZVlb�.��u1u�3�Pn
\ No newline at end of file
secrets/cache/mobius/bf26308830dea9f1d7cd2c6e52c495055c1a1dda1c1de8be5850e93e780311a6
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w QdJpA5wyElYB23A9KI6cSORJ9lTJbOpOBMuGyxn35jM
+2I0U56nlas6WCfvTkqFUIWD1TZX0QIQPEJ5KcD/vcvA
+-> <"4-grease #v
+PqMKx0N96oxWMfLPdt4V
+--- R8Z5xKsu5PdZHsIdBN/wFn/nEPrsgnSmehIo/9LGG98
+q�5���g��8� k����t �<������v#�%�
+UX�����N�[�O�D�626���gx��X
�K�gf��|z��"���������D�@n�ns�&L<����)/|��Mpp�LÉ6=�Z
\ No newline at end of file
secrets/cache/mobius/db90442c27fa0da811682d51c3c8e95200a6219e154e11dad5f80e761cc9706b
Binary file
secrets/cache/mobius/e4a7b7d1c72f87e057d58ff8b5c71556e071c13dc1c98dcbaf3377b2b20701dc
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 5saP2w NshgTW23+Kmir/p7/qpF3yjeagdXPherBN7uIPAnSw4
+zQyUInPQ0EeDU+FqCxbduaHTAAUB6R9UHw0dUVAsKPU
+-> ~->&!/=-grease
+EgvCpZxuz2JbHKwbQeAmB6R1ylH4kMzeBOO+k0GJptSGDbwKRYOeyF2HjXHWImJ3
+ukOX+L7R36vgqSRg7lqKloLQqg
+--- JcjyqjZXD5cJFbfd/JT4T38dUmnUQxMZp+qip/h4o08
+�����ʯ�w�
��.�ǁ7��gs��b�,L#�C�'s��i L۳��ZmZ5� �
S��
#`�
+2�A�D�>�|�@xa�� ��i�ۥ)���|�85
g���bȞ��<̚��&�^?B�I
\ No newline at end of file