From 236f965779fb3e7ec3f2e41f262a498ec7122ae6 Mon Sep 17 00:00:00 2001 From: Freya Murphy <freya@freyacat.org> Date: Mon, 27 Jan 2025 22:38:04 -0500 Subject: [PATCH] add kaworu system (desktop) --- .sops.yaml | 2 ++ files/keys/kaworu.asc | 13 ++++++++ flake.nix | 2 ++ hosts/kaworu.nix | 71 +++++++++++++++++++++++++++++++++++++++++++ secrets.yaml | 41 ++++++++++++++++--------- 5 files changed, 114 insertions(+), 15 deletions(-) create mode 100644 files/keys/kaworu.asc create mode 100644 hosts/kaworu.nix diff --git a/.sops.yaml b/.sops.yaml index bb1aff9..7d7da6a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,9 +5,11 @@ keys: # Hosts - &hosts: - &shinji 2A8A27879715447AEEC59D0C18DCCBE353963394 + - &kaworu FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01 creation_rules: - path_regex: ^secrets.yaml$ key_groups: - pgp: - *freya - *shinji + - *kaworu diff --git a/files/keys/kaworu.asc b/files/keys/kaworu.asc new file mode 100644 index 0000000..28ec11f --- /dev/null +++ b/files/keys/kaworu.asc @@ -0,0 +1,13 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZ5hP3RYJKwYBBAHaRw8BAQdAUGrBfyCf71SN4jtAFh+opVa/S9S+mrLXWaaD +MMavubC0M0ZyZXlhIE11cnBoeSAoS2F3b3J1IGtleSBwYWlyKSA8ZnJleWFAZnJl +eWFjYXQub3JnPoiOBBMWCgA2FiEE/dXZgMov7/GqhDOxD3zXuRq3zwEFAmeYT90C +GwMECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEA9817kat88B0wQA/2/BPW/o+MEh +kVsk7tYiiRJD40H3HziUB7K/9rAd1O9NAP49f508UMpNM+nJgbi8bKMjrSooz8Hj +4nrGXh5gvqMBDrg4BGeYT90SCisGAQQBl1UBBQEBB0ArFtZlWFcLaZBKVq13GyoF +mfARLvuOzsFWwz3ae9/XUwMBCAeIeAQYFgoAIBYhBP3V2YDKL+/xqoQzsQ9817ka +t88BBQJnmE/dAhsMAAoJEA9817kat88B/10BANQ3s8RY+wD1RzJqAqScsFqcGnE7 +c97gtmjmgI4sWgSIAP44jgBykGXfiFpt0AO+2HHmduSWlpaOs+XYyMkTdzByAA== +=4ESU +-----END PGP PUBLIC KEY BLOCK----- diff --git a/flake.nix b/flake.nix index 7268eef..f4feb65 100644 --- a/flake.nix +++ b/flake.nix 
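Review bot: Adding `*kaworu` to the only key group of the `^secrets.yaml$` rule lets the desktop decrypt every secret in that file, the same as shinji, so the hosts are not isolated from each other's secrets. Whether `freyanetWg` (re-encrypted in the secrets.yaml section of this patch) is meant to be host-specific cannot be told from the patch. If it is, a per-host file with its own rule would limit each host key to its own material, for example `- path_regex: ^secrets/kaworu\.yaml$` with only `*freya` and `*kaworu` under `pgp`. A short comment above the new anchor would also help, such as `# kaworu (desktop) host key; public half in files/keys/kaworu.asc`.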
@@ -27,10 +27,12 @@ in rec { nixosConfigurations = { shinji = import ./hosts/shinji.nix { inherit inputs options; }; + kaworu = import ./hosts/kaworu.nix { inherit inputs options; }; }; homeConfigurations = { shinji = nixosConfigurations.shinji.config.home-manager.users.${options.user}.home; + kaworu = nixosConfigurations.kaworu.config.home-manager.users.${options.user}.home; }; }; } diff --git a/hosts/kaworu.nix b/hosts/kaworu.nix new file mode 100644 index 0000000..0f666fb --- /dev/null +++ b/hosts/kaworu.nix @@ -0,0 +1,71 @@ +# Kaworu +# System configuration for my desktop + +{ + inputs, + options, + ... +}: + +inputs.nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + options + ../nix + { + # options + hostName = "kaworu"; + monitors = [{ + name = "HDMI-A-1"; + scale = 1.0; + }]; + + # hardware + hardware.graphics.enable = true; + hardware.bluetooth.enable = true; + + # bootloader + boot.loader.systemd-boot.enable = true; + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + + # kernel modules + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # firmware + hardware.enableRedistributableFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + # luks device + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/89257280-202b-4565-b832-89f160d5e4e2"; + + # root + fileSystems."/" = { + device = "/dev/disk/by-uuid/4906f0dd-b036-40fc-9a3f-0d031dbc2513"; + fsType = "btrfs"; + }; + + # boot + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/099A-D668"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + # swap + swapDevices = [ ]; + } + ]; +} diff --git a/secrets.yaml b/secrets.yaml index 28ca3a6..2a20fa7 100644 --- a/secrets.yaml +++ b/secrets.yaml 
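Review bot: Each new host now needs two hand-written entries that must stay in sync, one under `nixosConfigurations` and one under `homeConfigurations`, and a forgotten second line only shows up when the home configuration is built. Since the attribute set is already `rec`, the home entries could be derived instead: `homeConfigurations = builtins.mapAttrs (_: sys: sys.config.home-manager.users.${options.user}.home) nixosConfigurations;`. The enclosing `rec { … }` starts outside this hunk, and the suggestion assumes every host defines that home-manager user.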
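Review bot: The ESP at `fileSystems."/boot/efi"` is mounted with `fmask=0022` and `dmask=0022`, which leaves everything on it readable by every local user, including the random seed file that systemd-boot keeps there; bootctl warns about a world-accessible seed. The root volume sits behind LUKS, so the ESP is the unencrypted part of the boot chain, and I would tighten it to `options = [ "fmask=0077" "dmask=0077" ];`. Separately, `rec` on the `nixosSystem` argument is unused in this file, since no attribute refers to a sibling, and can be dropped. A comment on `swapDevices = [ ];` saying that having no swap is intentional would help the next reader.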
@@ -1,34 +1,45 @@ -freyanetWg: ENC[AES256_GCM,data:xRM6yS/p2PrntO33TCIUrv3giPAdtKapkK/cQoNmraAKQCNOkwccmn4kXY0=,iv:OHnIVZVDZ7mTHM9pNFPiEKLUl02C9I1yQtSp3JbSstk=,tag:LFlLKGYe0HcU/GvOVFrVbg==,type:str] +freyanetWg: ENC[AES256_GCM,data:mUI3eIwFzanJz9iJCbIBDg3FMKdDMcOQ6u96mk5/zZd8MG5kuOG39wu8xZQ=,iv:Sd6EjuQiNhD0QupGpbRPJF7aIBCJJ3/LNNmUYlBMRNI=,tag:KFKoL0JbSfEQidaEzi049Q==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2025-01-24T17:44:07Z" - mac: ENC[AES256_GCM,data:KIRtBWMriL3LWC67RyJrKwcZtt5lYifHZJ3SgJf424CbRbTZtmPmQBCAiLy1Mctwjg8774by0e+mGMPRzI17GqIX26FSh8QWdTaW6o/p9YIIkjjQX8XDtASshZMYgqy/psEBA6NJ68vmAUFHaDpc7UYfy4nZ7jDu6NNVTXI9AsA=,iv:20n+SDE6EWaL+HKWSPY6a1NSa195gFIuMFiv6gccDRc=,tag:P/URXcSJcaogxmw+MXlh/Q==,type:str] + lastmodified: "2025-01-28T03:38:29Z" + mac: ENC[AES256_GCM,data:2DA6o6yq0jbaNjNf6x15UrzVl7jOz7MXnAZf53kwEU94OIDr10xSLjaPmv9c+7FNTPXlesldNOY6LNsiaMGiOg+CWLA8RF9W0N/m23TtwC91PZEfvHFYpIyJsUlGFh9SzP1kgtIdoPIL40Clt1cjvb5Kf9wXlTlR1IBG0hXnobk=,iv:M7YtsfwDu4rSoXoTwnqxAuMCP92urQZCQxSMU8bWmRU=,tag:pMF1h81YlR8edyA4PddGSQ==,type:str] pgp: - - created_at: "2025-01-24T17:44:07Z" + - created_at: "2025-01-28T03:38:29Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4D0Q846mnV8HYSAQdAa2X6kxQtkBLjRtRbK26TGpr28mJWV8lTz6AxgYCsuQAw - 23kWYwg2wVdnTKCRcVcTYZcyqXx41Cl9tW/GAQRrUdZqDPKAqrNVI7W+/lNdgygz - 0l4B9zbWc86uX/2uTgTU08mNV5qedoSa0myxUhXDYcSaHT1UNWutIxcxyMjRimIR - pHmAnVaBmiDlCwq7TM4zSrg/N4mtbeRbWn0OVeaUPU8jZ6XmKaFFKLp262GC1Vn0 - =GiBI + hF4D0Q846mnV8HYSAQdA/6JUyYGRuAjB6bCVUXTo7TSK7pCXvJIQhlWRGW4bITEw + JqUBHaJLP4OVj3OQfJ8kS22WdNCjZuXieGAaNHdycc6X6RsMZMaFOYJyv6zETyRR + 0lwBoJvUiOaubpetO8I7o/8mZE1YeyYwvBfve06Y03FobLsnGyWIJEetQ02XCTNq + EoGakt8S4yZMVvcUSTJMyBwm5XdQ1VxJYBhO0FNE0BssY40TnGpeMYXQlO3saQ== + =32DI -----END PGP MESSAGE----- fp: D9AF0A4209B7C2DE11A884BFACBC553660D9993D - - created_at: "2025-01-24T17:44:07Z" + - created_at: "2025-01-28T03:38:29Z" enc: |- -----BEGIN PGP MESSAGE----- - 
hF4D/YCJcy0T0DkSAQdAzsg6F1Y2KECBBychHLVefYwOOg3Lv7kgVK6rU4mH80sw - Cm4WOEkHJdloDSZRCXYs2maIYVDQoFM9pL4sLCr9Tpw050L9vSdI0IuWS7I8G9RR - 0l4B3mZM3R58dyyZw0p7br/oPXPavRguwFiTs5sa6EeDonclDvXjMhq2c1jVYWw8 - iC77SDpZ0X9wz/Mq4Fptd56ywFqg9Zx2Odu171eqH5W7majQyiBIaSJGBEnVX8LX - =OiC0 + hF4D/YCJcy0T0DkSAQdAN9vFfITcf5mBKfpKWDSNdRl5FVJm/5+aUp3TsxcWZy0w + nFxEY/7L+bSfLiJ6wJNrar5WJIEEwPfoMnSIczBH1rHxFzMMgoCZhDwyg16uYgJU + 0lwBoiBR1dYs9Lp5UXY9Wx78thLOzx+lBNpkDpEk/NQ8HZGDsRvgk+eqbKK5wSJ0 + H2cpzmIQAh+VV/8ET1A5ennbDBvZkGszWH1KlrHsvlH/Y9lP3SCvvqOItYAn+Q== + =nJOb -----END PGP MESSAGE----- fp: 2A8A27879715447AEEC59D0C18DCCBE353963394 + - created_at: "2025-01-28T03:38:29Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D44lFd4jLszcSAQdApkf/uS4BHv2ePPQbOpHkWov+xfV1IzZ0TZIVeT84vz4w + HS27ZMyvkD7u+RHt+UzSZOg1Z1KgzE2twHWeOuP4DTszF58Y4pKdQImp/KfcurTj + 0lwBDWuWh98V2xiALZdPAe+EifO2H+fVJVflGth5UR7j2sCYO5x+PZajCErnU0b7 + 6cjWkcFKVdPdNJbl0g2YC2ILZHUlt2jgtr/yx06arb9f2cLK2Gc/rlpz4CfUHA== + =1S+6 + -----END PGP MESSAGE----- + fp: FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01 unencrypted_suffix: _unencrypted version: 3.9.3