🔥

.editorconfig

@@ -0,0 +1,13 @@
+# EditorConfig is awesome: https://editorconfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+
+[*.nix]
+indent_style = space
+indent_size = 2
+

.gitignore

@@ -1,5 +1,7 @@
-# Created by https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all,nix
-# Edit at https://www.toptal.com/developers/gitignore?templates=windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all,nix
+result
+
+# Created by https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all
+# Edit at https://www.toptal.com/developers/gitignore?templates=windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all
 
 ### direnv ###
 .direnv
@@ -190,8 +192,6 @@ Temporary Items
 # iCloud generated files
 *.icloud
 
-#!! ERROR: nix is undefined. Use list command to see defined gitignore types !!#
-
 ### Vim ###
 # Swap
 [._]*.s[a-v][a-z]
@@ -257,4 +257,4 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
 
-# End of https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all,nix
+# End of https://www.toptal.com/developers/gitignore/api/windows,linux,macos,direnv,vim,emacs,visualstudiocode,jetbrains+all

apps.nix

@@ -0,0 +1,9 @@
+{ pkgs, pkgs-k8s, ... }:
+
+let
+  mkApp = {};
+in
+{
+  
+}
+

flake.lock

@@ -1,5 +1,24 @@
 {
   "nodes": {
+    "NixVirt": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1748140003,
+        "narHash": "sha256-DNBZmuk1YRM2PmwbHzVdXumRjCUzQkMarg4iI/37rOQ=",
+        "rev": "5dfe108fd859b122f9a96981cb6bc12297653d6c",
+        "revCount": 407,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/AshleyYakeley/NixVirt/0.6.0/0197059a-e45f-7446-86b5-411ccc894ab0/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/AshleyYakeley/NixVirt/%2A.tar.gz"
+      }
+    },
     "agenix": {
       "inputs": {
         "darwin": "darwin",
@@ -102,22 +121,23 @@
     },
     "nixpkgs-k8s": {
       "locked": {
-        "lastModified": 1763378238,
-        "narHash": "sha256-Q0rIDYv83RF5o5cm+JMCDAkWByNk8HMGgFDHjDTQc/I=",
+        "lastModified": 1765836122,
+        "narHash": "sha256-L6UU7Q/EWQWLrH6yzOrOrW8zWeK9RKP0EKNeaBgRzr8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c05d8d4121d466c8a57b81130ba8ae7551d4f769",
+        "rev": "771c08bfa8c7da5ab251a1d0d56fb01948f45473",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c05d8d4121d466c8a57b81130ba8ae7551d4f769",
+        "rev": "771c08bfa8c7da5ab251a1d0d56fb01948f45473",
         "type": "github"
       }
     },
     "root": {
       "inputs": {
+        "NixVirt": "NixVirt",
         "agenix": "agenix",
         "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs",

flake.nix

@@ -8,6 +8,10 @@
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    NixVirt = {
+      url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     # k8nix = {
     #   url = "gitlab:luxzeitlos/k8nix/develop";
     #   inputs.nixpkgs.follows = "nixpkgs";
@@ -20,6 +24,7 @@
       nixpkgs-k8s,
       flake-utils,
       agenix,
+      NixVirt,            
     # k8nix,
     }:
     {
@@ -33,6 +38,7 @@
       in
       {
         formatter = pkgs.nixfmt-tree;
+        #apps = (import ./apps.nix pkgs pkgs-k8s);
         devShells.default = pkgs.mkShell {
           packages = with pkgs; [
             agenix.packages.${system}.default

hosts/common.nix

@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot = {
+    initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+    kernelModules = [ "kvm-intel" ];
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/ROOT";
+      fsType = "ext4";
+      options = [ "discard" "noatime" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" "discard" "noatime" ];
+    };
+  };
+
+  swapDevices = [];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  time.timeZone = "Europe/Berlin";
+
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig= true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+  ];
+
+  system.stateVersion = "25.11";
+}
+

hosts/kaede/base.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   boot = {
@@ -8,7 +8,7 @@
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
-    kernelPakcages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_latest;
     swraid = {
       enable = true;
       mdadmConf = ''
@@ -51,7 +51,7 @@
   ];
 
   virtualisation = {
-    useEFIBoot = true;
+    #useEFIBoot = true;
     libvirtd = {
       enable = true;
       nss.enableGuest = true;

hosts/kaede/default.nix

@@ -1,7 +1,8 @@
+{ ... }:
+
 {
   imports = [
     ./base.nix
-    ./hardware.nix
     ./networking.nix
     ./users.nix
     ./programs.nix

hosts/kaede/hardware.nix

@@ -1,6 +0,0 @@
-{}:
-
-{
-  boot = {};
-}
-

hosts/kaede/networking.nix

@@ -10,19 +10,20 @@
     nftables.enable = true;
     useDHCP = false;
     nameservers = [
+      "2606:4700:4700::1111#one.one.one.one"
+      "2620:fe::fe#dns.quad9.net"
       "1.1.1.1#one.one.one.one"
-      "9.9.9.9"
+      "9.9.9.9#dns.quad9.net"
     ];
     defaultGateway = {
       address = "217.115.0.182";
       interface = "eno3";
     };
-    interface.eno3 = {
+    interfaces.eno3 = {
+      ipv6.addresses = [{ address = "2a00:1328:e100:1::6d"; prefixLength = 127; }];
       ipv4.addresses = [{ address = "217.115.0.183"; prefixLength = 31; }];
     };
-    firewall = {
-      enable = true;
-    };
+    firewall.enable = true;
   };
 }
 

hosts/kaede/programs.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 
 {
   programs = {
@@ -7,11 +7,21 @@
       enable = true;
       defaultEditor = true;
     };
+    htop = {
+      enable = true;
+      settings = {
+        highlight_base_name = true;
+        show_cpu_frequency = true;
+        show_cpu_temperature = true;
+        update_process_names = true;
+        color_scheme = "6";
+      };
+    };
     tmux = {
       enable = true;
       terminal = "screen-256color";
       shortcut = "a";
-      plugins = with pkgs.tmuxPlugins; [];
+      plugins = with pkgs.tmuxPlugins; [ sensible ];
       newSession = true;
       historyLimit = 10000;
       clock24 = true;

hosts/kaede/services.nix

@@ -6,7 +6,6 @@
       enable = true;
       ports = [ 10022 ];
       openFirewall = true;
-      PrintMotd = true;
       banner = ''
                  __    __         __
                /'__`\ /\ \      /'_ `\

hosts/kaede/users.nix

@@ -3,16 +3,20 @@
 {
   users.users.xengi = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "wheel" "libvirtd" ];
     shell = pkgs.fish;
     packages = with pkgs; [
       fastfetch
-      kitty
+      kitty # for terminfo
     ];
     openssh.authorizedKeys.keys = [
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo"
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ"
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmb+mJfo84IagUaRoDEqY9ROjjQUOQ7tMclpN6NDPrX xengi@kota_2022-01-16"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ xengi@lucy_2018-09-08"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ xengi@mayu_2021-06-11"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhyfD+8jMl6FDSADb11sfAsJk0KNoVzjjiDRZjUOtmf xengi@nana_2019-08-16"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo xengi@nyu_2017-10-11"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwYcSxbP6Hon//kZFIZJSHdqvsJ6AyCwH4JP9/t4q46 xengi@yuka_2020-12-16"
     ];
   };
 }

nixosConfigurations.nix

@@ -1,4 +1,4 @@
-{ nixpkgs, agenix, ... }:
+{ nixpkgs, agenix, NixVirt, ... }:
 
 let
   system = "x86_64-linux";
@@ -21,6 +21,7 @@ let
         #};
       };
     }
+    ./hosts/common.nix
   ];
   mkSystem =
     extraModules:
@@ -30,7 +31,7 @@ let
     };
   mkControlPlaneNode =
     extraModules:
-    mkSystem [
+    mkSystem ([
       #./services/etcd.nix
       #./services/k8s.nix
       #./services/k8s-apiserver.nix
@@ -39,20 +40,21 @@ let
       #./services/k8s-proxy.nix
       #./services/k8s-scheduler.nix
     ]
-    ++ extraModules;
+    ++ extraModules);
   mkWorkerNode =
     extraModules:
-    mkSystem [
+    mkSystem ([
       #./services/k8s.nix
       #./services/k8s-kubelet.nix
       #./services/k8s-proxy.nix
     ]
-    ++ extraModules;
+    ++ extraModules);
 in
 {
   "kaede" = nixpkgs.lib.nixosSystem {
     inherit system;
     modules = [
+      NixVirt.nixosModules.default
       ./hosts/kaede
     ];
   };

services/etcd.nix

@@ -2,7 +2,7 @@
 
 {
   services.etcd = {
-    enable = true
+    enable = true;
     package = pkgs.etcd_3_6;
   };
 }