🔥

2026-01-27 18:48:29 +01:00 · 2026-01-27 18:48:29 +01:00 · 78c6c5b26b
commit 78c6c5b26b
parent e61be4a176
15 changed files with 142 additions and 38 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,13 @@
 # EditorConfig is awesome: https://editorconfig.org
 root = true
 [*]
 end_of_line = lf
 insert_final_newline = true
 charset = utf-8
 [*.nix]
 indent_style = space
 indent_size = 2
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,7 @@
-# Created by https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all,nix
+result
-# Edit at https://www.toptal.com/developers/gitignore?templates=windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all,nix
+
 # Created by https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all
 # Edit at https://www.toptal.com/developers/gitignore?templates=windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all
 ### direnv ###
 .direnv
@ -190,8 +192,6 @@ Temporary Items
 # iCloud generated files
 *.icloud
 #!! ERROR: nix is undefined. Use list command to see defined gitignore types !!#
 ### Vim ###
 # Swap
 [._]*.s[a-v][a-z]
@ -257,4 +257,4 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
-# End of https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all,nix
+# End of https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all
--- a/apps.nix
+++ b/apps.nix
@ -0,0 +1,9 @@
 { pkgs, pkgs-k8s, ... }:
 let
  mkApp = {};
 in
 {
 }
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,24 @@
 {
  "nodes": {
    "NixVirt": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1748140003,
        "narHash": "sha256-DNBZmuk1YRM2PmwbHzVdXumRjCUzQkMarg4iI/37rOQ=",
        "rev": "5dfe108fd859b122f9a96981cb6bc12297653d6c",
        "revCount": 407,
        "type": "tarball",
        "url": "https://api.flakehub.com/f/pinned/AshleyYakeley/NixVirt/0.6.0/0197059a-e45f-7446-86b5-411ccc894ab0/source.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://flakehub.com/f/AshleyYakeley/NixVirt/%2A.tar.gz"
      }
    },
    "agenix": {
      "inputs": {
        "darwin": "darwin",
@ -102,22 +121,23 @@
    },
    "nixpkgs-k8s": {
      "locked": {
-        "lastModified": 1763378238,
+        "lastModified": 1765836122,
-        "narHash": "sha256-Q0rIDYv83RF5o5cm+JMCDAkWByNk8HMGgFDHjDTQc/I=",
+        "narHash": "sha256-L6UU7Q/EWQWLrH6yzOrOrW8zWeK9RKP0EKNeaBgRzr8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c05d8d4121d466c8a57b81130ba8ae7551d4f769",
+        "rev": "771c08bfa8c7da5ab251a1d0d56fb01948f45473",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c05d8d4121d466c8a57b81130ba8ae7551d4f769",
+        "rev": "771c08bfa8c7da5ab251a1d0d56fb01948f45473",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "NixVirt": "NixVirt",
        "agenix": "agenix",
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs",
--- a/flake.nix
+++ b/flake.nix
@ -8,6 +8,10 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    NixVirt = {
      url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # k8nix = {
    #   url = "gitlab:luxzeitlos/k8nix/develop";
    #   inputs.nixpkgs.follows = "nixpkgs";
@ -20,6 +24,7 @@
      nixpkgs-k8s,
      flake-utils,
      agenix,
      NixVirt,            
    # k8nix,
    }:
    {
@ -33,6 +38,7 @@
      in
      {
        formatter = pkgs.nixfmt-tree;
        #apps = (import ./apps.nix pkgs pkgs-k8s);
        devShells.default = pkgs.mkShell {
          packages = with pkgs; [
            agenix.packages.${system}.default
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -0,0 +1,45 @@
 { config, lib, pkgs, ... }:
 {
  boot = {
    initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
    kernelModules = [ "kvm-intel" ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelPackages = pkgs.linuxPackages_latest;
  };
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/ROOT";
      fsType = "ext4";
      options = [ "discard" "noatime" ];
    };
    "/boot" = {
      device = "/dev/disk/by-label/BOOT";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" "discard" "noatime" ];
    };
  };
  swapDevices = [];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  time.timeZone = "Europe/Berlin";
  console = {
    font = "Lat2-Terminus16";
    useXkbConfig= true;
  };
  environment.systemPackages = with pkgs; [
    git
  ];
  system.stateVersion = "25.11";
 }
--- a/hosts/kaede/base.nix
+++ b/hosts/kaede/base.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 {
  boot = {
@ -8,7 +8,7 @@
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
-    kernelPakcages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_latest;
    swraid = {
      enable = true;
      mdadmConf = ''
@ -51,7 +51,7 @@
  ];
  virtualisation = {
-    useEFIBoot = true;
+    #useEFIBoot = true;
    libvirtd = {
      enable = true;
      nss.enableGuest = true;
--- a/hosts/kaede/default.nix
+++ b/hosts/kaede/default.nix
@ -1,7 +1,8 @@
 { ... }:
 {
  imports = [
    ./base.nix
    ./hardware.nix
    ./networking.nix
    ./users.nix
    ./programs.nix
--- a/hosts/kaede/hardware.nix
+++ b/hosts/kaede/hardware.nix
@ -1,6 +0,0 @@
 {}:
 {
  boot = {};
 }
--- a/hosts/kaede/networking.nix
+++ b/hosts/kaede/networking.nix
@ -10,19 +10,20 @@
    nftables.enable = true;
    useDHCP = false;
    nameservers = [
      "2606:4700:4700::1111#one.one.one.one"
      "2620:fe::fe#dns.quad9.net"
      "1.1.1.1#one.one.one.one"
-      "9.9.9.9"
+      "9.9.9.9#dns.quad9.net"
    ];
    defaultGateway = {
      address = "217.115.0.182";
      interface = "eno3";
    };
-    interface.eno3 = {
+    interfaces.eno3 = {
      ipv6.addresses = [{ address = "2a00:1328:e100:1::6d"; prefixLength = 127; }];
      ipv4.addresses = [{ address = "217.115.0.183"; prefixLength = 31; }];
    };
-    firewall = {
+    firewall.enable = true;
      enable = true;
    };
  };
 }
--- a/hosts/kaede/programs.nix
+++ b/hosts/kaede/programs.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 {
  programs = {
@ -7,11 +7,21 @@
      enable = true;
      defaultEditor = true;
    };
    htop = {
      enable = true;
      settings = {
        highlight_base_name = true;
        show_cpu_frequency = true;
        show_cpu_temperature = true;
        update_process_names = true;
        color_scheme = "6";
      };
    };
    tmux = {
      enable = true;
      terminal = "screen-256color";
      shortcut = "a";
-      plugins = with pkgs.tmuxPlugins; [];
+      plugins = with pkgs.tmuxPlugins; [ sensible ];
      newSession = true;
      historyLimit = 10000;
      clock24 = true;
--- a/hosts/kaede/services.nix
+++ b/hosts/kaede/services.nix
@ -6,7 +6,6 @@
      enable = true;
      ports = [ 10022 ];
      openFirewall = true;
      PrintMotd = true;
      banner = ''
                 __    __         __
               /'__`\ /\ \      /'_ `\
--- a/hosts/kaede/users.nix
+++ b/hosts/kaede/users.nix
@ -3,16 +3,20 @@
 {
  users.users.xengi = {
    isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "wheel" "libvirtd" ];
    shell = pkgs.fish;
    packages = with pkgs; [
      fastfetch
-      kitty
+      kitty # for terminfo
    ];
    openssh.authorizedKeys.keys = [
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmb+mJfo84IagUaRoDEqY9ROjjQUOQ7tMclpN6NDPrX xengi@kota_2022-01-16"
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ xengi@lucy_2018-09-08"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ xengi@mayu_2021-06-11"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhyfD+8jMl6FDSADb11sfAsJk0KNoVzjjiDRZjUOtmf xengi@nana_2019-08-16"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo xengi@nyu_2017-10-11"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwYcSxbP6Hon//kZFIZJSHdqvsJ6AyCwH4JP9/t4q46 xengi@yuka_2020-12-16"
    ];
  };
 }
--- a/nixosConfigurations.nix
+++ b/nixosConfigurations.nix
@ -1,4 +1,4 @@
-{ nixpkgs, agenix, ... }:
+{ nixpkgs, agenix, NixVirt, ... }:
 let
  system = "x86_64-linux";
@ -21,6 +21,7 @@ let
        #};
      };
    }
    ./hosts/common.nix
  ];
  mkSystem =
    extraModules:
@ -30,7 +31,7 @@ let
    };
  mkControlPlaneNode =
    extraModules:
-    mkSystem [
+    mkSystem ([
      #./services/etcd.nix
      #./services/k8s.nix
      #./services/k8s-apiserver.nix
@ -39,20 +40,21 @@ let
      #./services/k8s-proxy.nix
      #./services/k8s-scheduler.nix
    ]
-    ++ extraModules;
+    ++ extraModules);
  mkWorkerNode =
    extraModules:
-    mkSystem [
+    mkSystem ([
      #./services/k8s.nix
      #./services/k8s-kubelet.nix
      #./services/k8s-proxy.nix
    ]
-    ++ extraModules;
+    ++ extraModules);
 in
 {
  "kaede" = nixpkgs.lib.nixosSystem {
    inherit system;
    modules = [
      NixVirt.nixosModules.default
      ./hosts/kaede
    ];
  };
--- a/services/etcd.nix
+++ b/services/etcd.nix
@ -2,7 +2,7 @@
 {
  services.etcd = {
-    enable = true
+    enable = true;
    package = pkgs.etcd_3_6;
  };
 }