init: scaffold nixos flake for lab server

Lewis Wynne 2026-04-04 19:20:52 +01:00
commit 1a7c5c9489
7 changed files with 89 additions and 0 deletions

2
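--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result
+.direnv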

7
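--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &lab age1r8h6gy2f4mu8xvx609qeadl82v2hua74xaevsp982zyfh4tm9qlsu80s0f
+creation_rules:
+- path_regex: secrets/.*\.yaml$
+key_groups:
+- age:
+- *lab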
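Review bot: `creation_rules` encrypts every file under `secrets/` to the single age recipient `&lab`, so one private key is the only way to read or re-encrypt them. If that key belongs to the server itself (the anchor name suggests so, but the page does not say), secrets cannot be edited from a workstation and are unrecoverable if the host is lost; if it is a personal key, the host has no recipient of its own. Listing a separate admin key and a host key under `keys:` and referencing both in the `age:` group avoids either outcome. The host module in this commit also sets neither `sops.age.keyFile` nor `sops.age.sshKeyPaths`, so decryption on the machine will depend on sops-nix defaults once the first secret is added; stating the key source explicitly there would make that dependency visible.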

21
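--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,21 @@
+{
+description = "NixOS configuration";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+sops-nix = {
+url = "github:Mic92/sops-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs = { self, nixpkgs, sops-nix, ... }: {
+nixosConfigurations.lab = nixpkgs.lib.nixosSystem {
+system = "aarch64-linux";
+modules = [
+sops-nix.nixosModules.sops
+./hosts/lab
+];
+};
+};
+}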
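Review bot: The commit lists seven changed files and `flake.lock` is not among them, so the `nixpkgs` and `sops-nix` inputs are fixed only by branch (`nixos-25.11`, and the default branch for `github:Mic92/sops-nix`). Without a tracked lock file each evaluation may resolve to whatever those branches currently point at, which means the code that ends up running as root on the host, including the module that handles secret decryption, is not pinned to revisions anyone has reviewed. Generate the lock with `nix flake lock` and commit `flake.lock` alongside this file, then move it forward deliberately with `nix flake update`.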

12
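--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+time.timeZone = "Europe/London";
+i18n.defaultLocale = "en_GB.UTF-8";
+environment.systemPackages = with pkgs; [
+neovim
+git
+];
+}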

31
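--- a/hosts/lab/default.nix
+++ b/hosts/lab/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+imports = [
+./hardware-configuration.nix
+../common
+];
+networking.hostName = "lab";
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "yes";
+};
+};
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+users.users.lew = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6KI06F0tHIurNFFRJRlHMeLb7dnUEk8jtSmdsdkfPPoDY0HL1A0QJwqsppFbjHSsJoQ/WZGIj09Evmk9RRGjR5uNEtDMWfxEoeJQoJ6Bwdit+BPa3TfgyyoLM107/D5JriFoZW9k0JVNkgAIFnHp6VAjFyrg4298yKzy2dZchDO4u5HfFi+HBwn2haP7IC0JNgq6GO8K+yw4UK2635/3B/xNLhhLobbT4sThcghBtBhvb8pSXJ0wLupwuGWN9uuONs0UYEOlb8BhedXR4ShJUsQERIPFByAvMaq5vbsVIojF5s4P4dAlpsRQpXhQa7E4wzwGy5bYVP3MNmtYwxZel ssh-key-2025-12-11"
+];
+};
+security.sudo.wheelNeedsPassword = false;
+system.stateVersion = "23.11";
+}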
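Review bot: `PermitRootLogin = "yes"` in `services.openssh.settings` allows direct root logins over SSH, yet this file configures no root authorized key and `lew` already reaches root through `wheel`, so the setting only widens what the daemon will accept; `PermitRootLogin = "no";` matches what is actually configured here. `PasswordAuthentication = false` does not by itself turn off keyboard-interactive logins, so adding `KbdInteractiveAuthentication = false;` beside it closes that path too. With `security.sudo.wheelNeedsPassword = false`, possession of the one SSH key listed for `lew` is equivalent to root on the host; if that is the intended trade-off for a lab machine a comment saying so would help, otherwise give `lew` a password hash (for example via the sops-nix module the flake already imports) and drop the override. `system.stateVersion = "23.11"` against a `nixos-25.11` input is correct only if the machine was first installed on 23.11, which is worth confirming, and ports 80 and 443 are opened although no web service is defined in this commit.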


@ -0,0 +1,16 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader = {
efi.efiSysMountPoint = "/boot/efi";
grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
};
fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/3807-C85F"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
}

0
secrets/.gitkeep Normal file