host(kita): bootstrap

soopyc · Jul 19, 2024 · 00cb722 · 00cb722
1 parent 8e3fa17
commit 00cb722
Show file tree

Hide file tree

Showing 8 changed files with 134 additions and 3 deletions.
diff --git a/.sops.nix b/.sops.nix
@@ -9,6 +9,7 @@ let
   age.satori = "age1ezx4f7szu3mf4e84de7vlw0aaxshfr3tjt6dm356g578ujkck9mqy6ff8v";
   age.bocchi = "age1w7l663nmqq87e46893dngcy8uxpfeuxlp42a3ma0x4wyuxltjddsecy06p";
   age.renko = "age1p6n5yh9fy09xspwf29klfsa4zdrhp04q22gvxkz2vvm88vt9tunsdn020s";
+  age.kita = "age1z48mx0tgfe9x5srtthqxllz03rfmtg620waqlplxmc0xvykatfdqxa0xwp";
 
   everything = [
     {
@@ -44,5 +45,6 @@ in {
     (mkHost "renko" [age.renko])
 
     (mkHost "bocchi" [age.bocchi])
+    (mkHost "kita" [age.kita])
   ];
 }
diff --git a/.sops.yaml b/.sops.yaml
@@ -4,6 +4,7 @@ creation_rules:
 - key_groups:
   - age:
     - age1w7l663nmqq87e46893dngcy8uxpfeuxlp42a3ma0x4wyuxltjddsecy06p
+    - age1z48mx0tgfe9x5srtthqxllz03rfmtg620waqlplxmc0xvykatfdqxa0xwp
     - age18h7hya5terghrwawgpny28swlat2nqkdrfd4clk0svujqlz9xfusd3zeqt
     - age1p6n5yh9fy09xspwf29klfsa4zdrhp04q22gvxkz2vvm88vt9tunsdn020s
     - age1ezx4f7szu3mf4e84de7vlw0aaxshfr3tjt6dm356g578ujkck9mqy6ff8v
@@ -34,3 +35,9 @@ creation_rules:
     - age1zkafenrdkkmatjh034yykpzjzzs5fx6kft23jlmsung3dwyufcksds59l2
     - age1w7l663nmqq87e46893dngcy8uxpfeuxlp42a3ma0x4wyuxltjddsecy06p
   path_regex: creds/sops/bocchi/.*
+- key_groups:
+  - age:
+    - age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk
+    - age1zkafenrdkkmatjh034yykpzjzzs5fx6kft23jlmsung3dwyufcksds59l2
+    - age1z48mx0tgfe9x5srtthqxllz03rfmtg620waqlplxmc0xvykatfdqxa0xwp
+  path_regex: creds/sops/kita/.*
diff --git a/creds/sops/kita/default.yaml b/creds/sops/kita/default.yaml
@@ -0,0 +1,42 @@
+lego:
+    cf_token: ENC[AES256_GCM,data:1mRDFEmqlkLEZqEjCnBqHImPHAQQr7y0MxpQ9NnwxQztfffnMns/Cw==,iv:eeC0GdKrb7V1UCUKYQKL1BLbdl3efi0JDFFtnr18Zn0=,tag:5wczUDhw9+d86CH8ayAzlw==,type:str]
+vmetrics:
+    auth: ENC[AES256_GCM,data:VNQqgSABHCvGwgfsD2xszHSXWxgguI41Mcb2UU0cZiL1jxSz4yv+78/VBlpcP47evg5YKQ7PhXs7EMVu05GL3Ge9oTX66co2e5afuCVqvpMWOWGFflIQ/wSh0ucdwKD60tguLV5DCSalbExYiTs4IxwKGJVlb2Ep6IcGzYU/5rGHmB3+RaTkL5Fosh/QnxR9afgyoDfoLYQfZfiHeQkaDbtLfaf+xPJ52C4/gA==,iv:FJPyNYYtFqKK2CsrN2IHkIkJLwt4DYmzyIUarwrlfng=,tag:nP1s7TKqodCOwehapqPnow==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTOENCN2plck1pNmM1SE9Z
+            V1ZhTXl5SjdtVmE5aThlRzFHaHlkS2ZCTFFBCng0d0wvdzJJb29jZHdCNWRjS2ta
+            TTFWZEUzYTRKSnc1OEtIbFZOTzhndW8KLS0tIFVMTmJCU05RMjIyVlBIWlNEZDJN
+            azZheFdUbnNFSkhCQVI0Z2ZHd2h1bGsKJq/A4wNDF6eIcaN9IsCD7ZWSnXGLAR4r
+            k7Kl8qUxPCJX4Nvv3Y4jxzM8l6r2rSdCvArvJw78bDT/Tc/uqN/EtQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1zkafenrdkkmatjh034yykpzjzzs5fx6kft23jlmsung3dwyufcksds59l2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRGF1bzg2UjVEZ0RyZzBU
+            aWtpQ3pZWEJYc0xBMWMzamhRU094QWRCM2dFClV4cUQ0d1dIYVh3S1VYMk5yQWR3
+            R2ZRNllCajNISXJqdXFMZlJncjYwOU0KLS0tIEY5bkk4YmRUOE9VY2lSQ2hDMmxS
+            Q1lhbnl1MEZpU014WFRPR3Z0MnpYUlkK1dp0vFl5LPyeSK0tdIz3M1cXYWS/4C4b
+            taBRgt+azFn8enlsGug/3SC8DVHIxFXORAwASPpRszJnO2L+XxvBlQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z48mx0tgfe9x5srtthqxllz03rfmtg620waqlplxmc0xvykatfdqxa0xwp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeDczdGZGeWpxL21OL0Jt
+            cjl3dkJYSzhuelE4YmpaTnFTSS9BTzM5NWg4CnljNUVuYWdLeThsRUQ5WlZkSmRS
+            VEZQUkxGMklzWmRFNFZEZy8xeWx3c2MKLS0tIEdGd0IvVVIrd2lGdy94cWhxalVa
+            cFNQTC84bElyWTd2Z3NrNGZ1YU11ckUKubHloAHRcq4lOv/ptA87f0JIZSOdjkBe
+            kFDXpeL47DW+/tT4xENCgz7ntj6Rr1trWNwqGn1KHtmJdUDnkmxBQQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-19T07:43:37Z"
+    mac: ENC[AES256_GCM,data:HVT8C8nEVwHOz/3OPpPP2hOVa63rzXqvWTMDCskyaD138EaFI+X1LM6SCmW4aQR9qXQFOOeVnDX6l8R+uGaxD4+8DrDWtgLHUQz1nuLSIdkQI0n3Txo+gWohHl6hsGL49+h1FbifMoi/IVTkZeCv0SFqDyEUj5o8p9aOiFFBpi8=,iv:BuFu4kSRAAYPckPQwQSReMX5BM1SJA/bErDC/wkIYOU=,tag:DNpGoEr7buXM3ApqK4qFRw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
diff --git a/creds/sops/koumakan/default.yaml b/creds/sops/koumakan/default.yaml
@@ -77,6 +77,7 @@ vmetrics:
             bocchi: ENC[AES256_GCM,data:MjGOyURWES8NwGWY32iypS1EDVOzfzBa7bq5Vs76Xann81eqf3fXYyNE3R+sD/rkJrwdpIImerT0/UvYjF/kWuZevRLwFor9/vR+Q1VXon9VlnW+VjgfdtT7G91KTUKSg1Iz4/nxCkGCqpTFUMJ7nUvLqGjujgBJijQ53rTwppNXzgA8EvrvCN7GiO0k/KHZ5YKgL/eTYaGCELkfREUsnwxYT7LB2uq5LhE/3Q==,iv:vhfxElYtouDM44cRzZwuZvJMncRN0Wt5uSfcSEFAuoM=,tag:sTbrQjRSd1hvHeL5YMxHEg==,type:str]
             satori: ENC[AES256_GCM,data:gqlXoxWV0uhZcSs6WXXTh2Lnf5R3eVAzubtmzZuXMAc93Ta8c3cl1UTTkqkduwIPLgkIaczRVoTIxv/osM/Brk2vXoleXK/rKdeKdpQ/BZGtdUYJWDCcfaPa0W5frurreBAbaOEEYSda6mX7f+AAOQ2xyzWyY3RpdYxCSUmn4NOuST8YNIOhYTgLH4ze1MVzTrdooRZGLy9xjOquvcjSZJm4JiukVPD5T0GRPA==,iv:6NhlTlShIUrtl5844NGWq5903liy7pbbsaa9z/OBxSQ=,tag:vanLDuZLt8VrxMBADHJwcg==,type:str]
             renko: ENC[AES256_GCM,data:J502Jrpzo7zif1in3/tOqGOxCpHISbkpI800MBQm3EZMiu71PHkUtfAV4NDDAEwW1PelJ2qHEMDzbXtwb5FB54lhQujf7hCE2CobKdx77CXqSmIWvAAehxh9doWDO/26BA7ah7GoGA4ZRu6DLzXex4Lsl98vkoZRx0py+AZ1xF22FEydVzlyXE1PEBJ83TxfLlWHQMStdqkc0OJy95bEuUgttk5iPCU4arwYDw==,iv:WA8CsytshgRN0LXWyxm6pHQ0N8vwDfvh7VNlemrja8o=,tag:Go0QsLWEX7+acIwNOJ5MhA==,type:str]
+            kita: ENC[AES256_GCM,data:XDY7c6VDfc5Fk/gJSUwy/+6NqAvP/pn1P4o8vCwf56100XzwCsnwoOvYkspDho2+5jPTPSOFvNyVBXEr7CI89DMe9IyyQg7K7+cBDUcTrIIxmBhiuNPjY0lnjIU1x2u8XeJNSm2O09Hglc9wgvVNb9rtxA6sSFLHFwAZHI1vuQ3u7kd5v906QjctmWs10TLdj7LOCxilksypOxgCal4tRF5cYkew33ku7U2KJA==,iv:t1Rt7h6ExtMy5pltAJ4YBbbwoPqRyvr0gkWJXAnwvkQ=,tag:XQKaXZFbbEP+YgeZbUCkQA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -110,8 +111,8 @@ sops:
             aTVmSnZXbWxOUzdKQTBvWTV5Q3FYNTAKyzzywFJ3z3V1japTvxvutsZd4+e4dfxE
             HbBelv4P6RJKauRmmLB/wGrUdr8Y8qHX+dsB5UBXLZNydKWOUQHHTw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-22T03:53:36Z"
-    mac: ENC[AES256_GCM,data:OOxZCOgdUIQUQ8b/6vVrHlv4Jjez8YEJp57nUu3W9dJXWU7qGFcXnysSlPdvkDyXLm4MOqaBwTmzA2rbUiR2JXG5XMp33UkXv2CegXtQNifSD+jdjtFr9MnFM/tNcX3rO6bhvUu5QmUGUH+DfbQC5k5acs97AZIY/0lERm46iu0=,iv:LdEe+k7qRgj4PT/O/D8qR0sP3OUl2uyWNNB/E4g2LDo=,tag:8I9a+ryB0bu6CI43Acwx3A==,type:str]
+    lastmodified: "2024-07-19T07:17:38Z"
+    mac: ENC[AES256_GCM,data:NIimAshUepJIjNSo5mQUdK+zjVkkcVyrNtkbqEjjdbrZVbh5nhVxq17IY+o0EoFvOR96gs0vFjtxo/ULNs2mO3EiWFeTuVKJMOseGYZD/QDGhPgzUCHaFtJ5xwIoL+6ywZa0kczTce3eMU0vCYYUiiDsYVcOSJJ8v6jT7rJD20o=,iv:JTZprudzfS5ACtrsE7Jbhg7k8WURzaLeCfRtgPX2lyo=,tag:Bouy52VKRFui1gkS4PE8LA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0
diff --git a/systems/default.nix b/systems/default.nix
@@ -31,4 +31,5 @@ in {
   satori = mkSystem "satori" "x86_64-linux";
   renko = mkSystem "renko" "x86_64-linux";
   bocchi = mkSystem "bocchi" "x86_64-linux";
+  kita = mkSystem "kita" "aarch64-linux";
 }
diff --git a/systems/kita/configuration.nix b/systems/kita/configuration.nix
@@ -0,0 +1,9 @@
+{...}: {
+  imports = [
+    ./networking.nix
+    ./hardware-configuration.nix
+  ];
+
+  gensokyo.presets.vmetrics = true;
+  system.stateVersion = "23.11";
+}
diff --git a/systems/kita/hardware-configuration.nix b/systems/kita/hardware-configuration.nix
@@ -0,0 +1,18 @@
+{modulesPath, ...}: {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    device = "nodev";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/82F0-EC7D";
+    fsType = "vfat";
+  };
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+  boot.initrd.kernelModules = ["nvme"];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+}
diff --git a/systems/kita/networking.nix b/systems/kita/networking.nix
@@ -0,0 +1,51 @@
+{lib, ...}: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    nameservers = [
+      "8.8.8.8"
+    ];
+    defaultGateway = "172.31.1.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "eth0";
+    };
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce false;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "65.108.157.80";
+            prefixLength = 32;
+          }
+        ];
+        ipv6.addresses = [
+          {
+            address = "2a01:4f9:c012:d247::cafe";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::9400:3ff:fe8a:bf64";
+            prefixLength = 64;
+          }
+        ];
+        ipv4.routes = [
+          {
+            address = "172.31.1.1";
+            prefixLength = 32;
+          }
+        ];
+        ipv6.routes = [
+          {
+            address = "fe80::1";
+            prefixLength = 128;
+          }
+        ];
+      };
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="96:00:03:8a:bf:64", NAME="eth0"
+  '';
+}