system: init attic

agenix/hosts/attic/config.nix

@@ -0,0 +1,7 @@
+{
+  age.secrets = {
+    user-daniel-password = {
+      file = ./user/danielPassword.age;
+    };
+  };
+}

agenix/hosts/attic/user/danielPassword.age

@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBtY3Nl
+OG1NUkZKaWJ2WFdDQWkxc3B2cjFOOFZmR0RyWmtpSTRSZXJJbDFrCmhMZ2xSdGtQ
+bjJpY3ZhM1YxWG5LQllGcHdGNDA0MEdydUFoak9tTHZ0cGMKLT4gc3NoLWVkMjU1
+MTkgc1ZmNkNBIFlYZHlYWnJ0YkdoK1d1NWc0K2ZoQ2FXWithMTBGYmJQNFBuK09Z
+QzhzR28KSkM3L3M1cTl6bGoxN0dCenI3bUh2c1hVaTFvRXh1WFAyc0N2N1l5YTk4
+NAotPiB5MjMtZ3JlYXNlIGcvO3hMd2MgVSBkV0IgIjlJXigtUjcKRzFkbkxBRkMv
+VURiVHhpUFdEUE9CSDBZR3Y2SEgwMk9QMkVwNzRobGk5NHZqQndOV1hzUVp2KzVz
+dXpsa1hWVQpZbWgrMFJUYlcrcW55dENqSnY3SXhKcG1oRzg3cDNRcTh0WlV4a3VS
+eE1kSFlUallmOWFMR2cKLS0tIGxyaS82dFAyL0g1aXJlNGRBQXFFRTR1dlVDaGhn
+UUYzTGlhaWh6WkRUU1EKRoZpIw9V8TPzCZ1uKMFKIIQBXXMdgl4/dKha6WnjoIbk
+ASDFOC0CRcL6LE1yw1ri70BRKS575w6dSt3myRIAYuDOScVTdu6i6aceS9Llj/oz
+FNT1/Gf4cpMB6itAh27+3gGy8xiGt4wvvnDRc1R4M8M+wTvIZr0c7Sl1DMfCHcuJ
+7wvjpXpili0JOw==
+-----END AGE ENCRYPTED FILE-----

flake.lock

@@ -119,11 +119,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1680562426,
+        "lastModified": 1680597706,
-        "narHash": "sha256-ts0WBpkoB/vdi4FzGQfYfeluDk+tCQ+ujggJ+vFM9kk=",
+        "narHash": "sha256-ZqJ3T+BxzjPH9TnmeUwS4Uu9ZQPeBXAFC9sUWlharT4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "eefb37938639739251acd4bb68ecdaf7de2a13b5",
+        "rev": "ec06f419af79207b33d797064dfb3fc9dbe1df4a",
         "type": "github"
       },
       "original": {

flake.nix

@@ -44,6 +44,13 @@
         inherit inputs;
       };
 
+      attic = import ./system/flakes/attic.nix {
+        inherit (inputs) nixpkgs;
+        inherit (inputs) home-manager;
+        inherit (inputs) ragenix;
+        inherit inputs;
+      };
+
       adsb-antenna = import ./system/flakes/adsb-antenna.nix {
         inherit (inputs) nixpkgs;
         inherit (inputs) home-manager;
@@ -57,6 +64,7 @@
 
       nixosConfigurations = {
         sail = sail.system;
+        attic = attic.system;
         adsb-antenna = adsb-antenna.system;
       };
     };

hardware/hosts/attic.nix

@@ -0,0 +1,25 @@
+{ pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot = {
+    loader.grub.device = "/dev/sda";
+
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+      kernelModules = [ "nvme" "tls" ];
+    };
+
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelModules = [ "tcp_bbr" ];
+
+    kernel.sysctl = {
+      "net.core.default_qdisc" = "fq";
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      "net.core.rmem_max" = 2500000;
+    };
+  };
+
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}

home/hosts/attic.nix

@@ -0,0 +1,34 @@
+args@{ pkgs, ... }:
+
+{
+  imports = [
+    ../programs/fish.nix
+    ../programs/atuin.nix
+    ../programs/starship.nix
+
+    ../programs/nvim
+
+    ../programs/git.nix
+
+    ../programs/bat.nix
+
+    ../programs/fzf.nix
+
+    ../programs/jq.nix
+
+    ../programs/scripts.nix
+  ];
+
+  home = {
+    stateVersion = "22.11";
+
+    packages = with pkgs; [
+      curlHTTP3
+      lnav
+      mtr
+      parallel
+      q
+      ripgrep
+    ];
+  };
+}

secrets.nix

@@ -2,8 +2,10 @@ let
   user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG";
 
   system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl";
+  system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
 
   sail = [ user-daniel system-sail ];
+  attic = [ user-daniel system-attic ];
 in
 {
   # sail
@@ -39,4 +41,7 @@ in
   "agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail;
 
   "agenix/hosts/sail/proxitok/environment.age".publicKeys = sail;
+
+  # attic
+  "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
 }

system/flakes/attic.nix

@@ -0,0 +1,38 @@
+{ nixpkgs, home-manager, ragenix, inputs, ... }:
+
+let
+  overlay-neovim = inputs.neovim-nightly-overlay.overlay;
+  overlay-nifoc = inputs.nifoc-overlay.overlay;
+
+  nixpkgsConfig = {
+    overlays = [
+      overlay-neovim
+      overlay-nifoc
+    ];
+
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+    };
+  };
+in
+{
+  system = nixpkgs.lib.nixosSystem {
+    system = "x86_64-linux";
+    modules = [
+      ../hosts/attic.nix
+
+      home-manager.nixosModules.home-manager
+
+      ragenix.nixosModules.default
+
+      {
+        nixpkgs = nixpkgsConfig;
+        nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.users.daniel = import ../../home/hosts/attic.nix;
+      }
+    ];
+  };
+}

system/hosts/attic.nix

@@ -0,0 +1,120 @@
+args@{ pkgs, lib, ... }:
+
+let
+  ssh-keys = import ../shared/ssh-keys.nix;
+in
+{
+  imports = [
+    ../../hardware/hosts/attic.nix
+    ../../agenix/hosts/attic/config.nix
+    ../nixos/ssh.nix
+
+    ../nixos/git.nix
+  ];
+
+  system.stateVersion = "22.11";
+
+  nix = {
+    package = pkgs.nixVersions.stable;
+
+    settings = {
+      auto-optimise-store = true;
+
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://wurzelpfropf.cachix.org"
+        "https://nifoc.cachix.org"
+      ];
+
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
+        "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
+      ];
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 14d";
+    };
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+      extra-platforms = aarch64-linux
+      keep-derivations = true
+      keep-outputs = true
+    '';
+  };
+
+  boot = {
+    cleanTmpDir = true;
+
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
+  };
+
+  zramSwap.enable = true;
+
+  networking = {
+    hostName = "attic";
+    useNetworkd = true;
+  };
+
+  systemd.network = {
+    enable = true;
+
+    networks = {
+      "10-wan" = {
+        matchConfig.Name = "eth0";
+        networkConfig = {
+          DHCP = "ipv4";
+          Address = "2a01:4f8:c0c:fa14::1/64";
+          Gateway = "fe80::1";
+        };
+        linkConfig.RequiredForOnline = "routable";
+
+        ntp = [
+          "ntp1.hetzner.de"
+          "ntp2.hetzner.com"
+          "ntp3.hetzner.net"
+        ];
+      };
+
+      "20-private" = {
+        matchConfig.Name = "enp7s0";
+        networkConfig = {
+          DHCP = "ipv4";
+          IPv6AcceptRA = false;
+        };
+        linkConfig.RequiredForOnline = "yes";
+      };
+    };
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+  '';
+
+  documentation = {
+    nixos.enable = false;
+    doc.enable = false;
+  };
+
+  programs.fish.enable = true;
+
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
+    };
+
+    daniel = {
+      passwordFile = config.age.secrets.user-daniel-password.path;
+      isNormalUser = true;
+      home = "/home/daniel";
+      description = "Daniel";
+      extraGroups = [ "wheel" ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
+    };
+  };
+}