rigel machine (Zima board) is running NixOS

2025-07-25 11:18:52 +07:00
parent f72bb82382
commit 99c3ee6ffe
16 changed files with 3731 additions and 0 deletions
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -16,6 +16,10 @@
    };
    inventory = {
      machines = {
        rigel.deploy.targetHost = "root@rigel.local";
      };
      instances = {
        admin = {
          module = {
--- a/machines/rigel/configuration.nix
+++ b/machines/rigel/configuration.nix
@@ -0,0 +1,3 @@
 {
  system.stateVersion = "25.11";
 }
--- a/machines/rigel/disko.nix
+++ b/machines/rigel/disko.nix
@@ -0,0 +1,50 @@
 # ---
 # schema = "single-disk"
 # [placeholders]
 # mainDisk = "/dev/disk/by-id/mmc-C9A551_0x157f3bd0"
 # ---
 # This file was automatically generated!
 # CHANGING this configuration requires wiping and reinstalling the machine
 {
  boot.loader.grub.efiSupport = true;
  boot.loader.grub.efiInstallAsRemovable = true;
  boot.loader.grub.enable = true;
  disko.devices = {
    disk = {
      main = {
        name = "main-598d9832330c4a02b021deca9caa267b";
        device = "/dev/disk/by-id/mmc-C9A551_0x157f3bd0";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            "boot" = {
              size = "1M";
              type = "EF02"; # for grub MBR
              priority = 1;
            };
            ESP = {
              type = "EF00";
              size = "500M";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              size = "100%";
              content = {
                type = "filesystem";
                format = "ext4";
                mountpoint = "/";
              };
            };
          };
        };
      };
    };
  };
 }
--- a/machines/rigel/facter.json
+++ b/machines/rigel/facter.json
--- a/sops/machines/rigel/key.json
+++ b/sops/machines/rigel/key.json
@@ -0,0 +1,6 @@
 [
  {
    "publickey": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
    "type": "age"
  }
 ]
--- a/sops/secrets/rigel-age.key/secret
+++ b/sops/secrets/rigel-age.key/secret
@@ -0,0 +1,15 @@
 {
 	"data": "ENC[AES256_GCM,data:WJO4V1cuzrxw1tg034RNG4f7X2N6pLFE1VIsjkWfUoKSScBbi8e4m62M5WpM6P7f/2/FHxQWRhWcwa3clHXoCCQmNa7j8UIkkik=,iv:qcqQBaJQkpMJimh7xU0u6p9v9uqf1KyvMlePP2k6e78=,tag:5XuWJcODVTRYM6twHEwOxQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzVPVHBBb3l6RzFtNUwv\nSGVkQ1BuMnFiREVjY0lJbnppUjRxNnNBQlZVCkdqN2lGMmp1OFZUNG1tbmFZRklk\nL0xzMEdvemtSQnNGOVNjOXEyM21NYlkKLS0tIEdwWEZpY3JZK1phRU8rSmExVENR\nWkZnRjhKZ2duNDZkVnpHQU1FakpGYzAK/wnN9n5MMUnzDJC7PWrOcO+TbiuTbSPX\n5BKJbuBLw3Qokbh8fT9VUX8UsExw+UaaPnXPcbYX4xhBhiZ0RTmyMw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2025-07-25T02:12:20Z",
 		"mac": "ENC[AES256_GCM,data:36VgVubO5xybFuFu7lX73XBlODhUTg2sLfi1e8fqHkPPwtYylgORuXyypsZOTF0LSJS1VbU0NZjU9fvQpjMY2Sl7BxdqQKfz0OG8iuYloHmQM26QQ9TPDYIHvIJrCYIdKJSl83IqLZq+IWbInTha3xrTeH7MlgWII3mJSCPQiPM=,iv:7eR2YYBbApScElcNxg77F7rb6OLuc+2x1IVN56aJADM=,tag:LLfCm1jGkvs56SfkjqRZXQ==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.10.2"
 	}
 }
--- a/sops/secrets/rigel-age.key/users/kurogeek
+++ b/sops/secrets/rigel-age.key/users/kurogeek
@@ -0,0 +1 @@
 ../../../users/kurogeek
--- a/vars/per-machine/rigel/openssh/ssh.id_ed25519.pub/value
+++ b/vars/per-machine/rigel/openssh/ssh.id_ed25519.pub/value
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABopddhOTgcL5MqbJQRDtlntkSyqHW81V5/3cqA+5Ng 
--- a/vars/per-machine/rigel/openssh/ssh.id_ed25519/machines/rigel
+++ b/vars/per-machine/rigel/openssh/ssh.id_ed25519/machines/rigel
@@ -0,0 +1 @@
 ../../../../../../sops/machines/rigel
--- a/vars/per-machine/rigel/openssh/ssh.id_ed25519/secret
+++ b/vars/per-machine/rigel/openssh/ssh.id_ed25519/secret
@@ -0,0 +1,19 @@
 {
 	"data": "ENC[AES256_GCM,data:ybDkbFKXD0deLPfJXFMusjLO0/oRVGmuRNuk9pXrmDjJVCZx0kZYKKFKngARZPmZL+j36NpMB7mz1qlrzMSl6/9EEe0FKQHnJYliQTsd8b0U83P2hTSR25qc1YVny0NcDCToBlGXDITMLiUmh4WJdttRdppQJXtYrUUuaSLfaXy8wm1YbwzLPGr+VxX5fTgw93JU59GNMRWzbEuEUt8NCV30hyDT7EvbTUfhR6IdMM/4Xhbl7X1JlnhgRgRKIempYQi1hP24JnFpgrm3lleXAIZc4ACK7KYpo1aodid6N88ANWDqd0nNrTWDNb8EajTum41/zbEl3hYQ4CmgzYExB9ZdiefIU821hakQeXa27yIOP7m9e/zUIJl0yH+LsiV+3iec7qQWI86iBmeh4zYMSIQ3zTDNXIlgcglTjpzF3OfH4shIt40ieOuwJCMHM8XyapCtgW74Tc9/4Z4oxxwTnnWzM9lpKdJFOfMYz8CTJPQMm5HPDrMdjrccKaN3XTD24ll4,iv:7PcyaWekwoNvLYtDJeObFz36sUcwiW7MwzZNB7nMeQk=,tag:TIveZa3Sg6aOQc6DFz/QTw==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSHNvb1lZWnpkQWd2UEs0\nUk9CL2E2d1VSdzhpSTVKTnM0cmRqWndNb3hvCmtreFBacnQwdGNpSVFmY0J6R1Nl\ncFczTkpjaEpxcGdtcW1JaUpxUHpKZkEKLS0tIFBndDA4aU02M040U2ZuOE5HcWxO\neXdzZUhMSURhNXVFaDVwNzFqZkNhUWcKrjanrjMbRpJvXqKG/K1LvZxDFatcYYiO\nWs/Bg+3pLddus87Hv3qTqL7L25BdNeHfZjrxo34t0u+0b5bYTGwEgQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3T3ZBdXZYYVdabTBMbk5J\nMUJScm1pTC9jK2ZEQWh2RzdkWjlJVENBd0VzCmI1cGVaczFlWU1wUWpXZy9nZFkx\nRmtBb1c5Rk5Jc3NoOWdMbXRNRTRpWXMKLS0tIFdJV3ZQak9sQS9Gb0pWUzl4anRV\neUVoMHVMNFN3VEpneCswNktVQjhSRkUK2aU2tZ9zhKbQw8FnjqEsnjjDc7C6DGoO\nOyUkJOqt9QexJJzYosXp5tUW0vI2R5Abc4NsBWD4qTFaQLSeiVwq3A==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2025-07-25T02:12:20Z",
 		"mac": "ENC[AES256_GCM,data:o8RBxXgCsSpc8a0zURuJg7dAlIophJ2Cj6vRWnllaJCcWJ5Ip3sHuf7LdvWNJ0PHxDGsiqZmNGvdOGsnua7JQ/hW1GMfQEDGerHMkzY43a2EvhDyf/c0spd9urmTUKvKTlRtdFR9UJ19yk06Z7i2iZmRBHI79duNNmkdVbn+JeE=,iv:6WC560J1u/MyZZNkuT4eW1+4Z7Ft6HRZEsLHcgOoJYo=,tag:WZ4LeaWgP7tPOdbX6XU3KA==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.10.2"
 	}
 }
--- a/vars/per-machine/rigel/openssh/ssh.id_ed25519/users/kurogeek
+++ b/vars/per-machine/rigel/openssh/ssh.id_ed25519/users/kurogeek
@@ -0,0 +1 @@
 ../../../../../../sops/users/kurogeek
--- a/vars/per-machine/rigel/root-password/password-hash/machines/rigel
+++ b/vars/per-machine/rigel/root-password/password-hash/machines/rigel
@@ -0,0 +1 @@
 ../../../../../../sops/machines/rigel
--- a/vars/per-machine/rigel/root-password/password-hash/secret
+++ b/vars/per-machine/rigel/root-password/password-hash/secret
@@ -0,0 +1,19 @@
 {
 	"data": "ENC[AES256_GCM,data:ryGITluWZ3VQQmgLV4X28uUwku4EZQwow1rufMiIyTdl+EQFDHfFOp1knVBU5RO5Id6Vsvnh1Q8jU7KdkjnM7HS/+qwe3w5BBRvKrS6WioY0FnyplrTV2wL9Xc6FZuopWpzHX3D+BDJEQQ==,iv:g2S4XxpUN6d7sj+mm7iK/AbXMi37EtWPGSjmUWkI4nM=,tag:vbG8KJk7XqUMsvaPhQztQQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4LzEyVDNDY24wVU5tdlUx\nSnBlWVVVbnBETVpKM3pqMWY5S0UzVm9MRVJNCm9OMzk1SG9DSmFPUEJWMUVpdDRC\nV2NBV3dLT0sra2hBZWFkalRMRUpGU1EKLS0tIG1FZFpIb2svdlhYOXNRcnBtSkRO\nbTZmcE90TFRrcGhBRndmd3ZqYXFyM3cKuGcOwRhp1PL1jQ7/8sunlGawJatHcd0u\nQxyndvAPO9J3YAe8xLLPoLNtPODc4UdGWvOBYr+PHAN4YXwfoRi95g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YXVSZ2JLdlY0akFUMTZY\nODJTSGhleVcvaEdHanJKbGl4R01BZFF4M1cwCnkwZWN4WTNENWplNElmU2FiRXhG\nYjJHTEU4RTd2NWtjVnZkQW5RRkV2T2cKLS0tIFYreTZ0dzd6czNtdzNtbkJaNGdj\nMEpxemovcVZCZDRQNHgvRWxFdzRJY2cKD+WyAv9IfUzWHG518Ytv9ARpRM2pHs0w\nIxjKG11O7pxzUZYpjtZSxNmimWb1+dq/VAxkq2afeWYBxTzzOAmh6A==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2025-07-25T02:22:53Z",
 		"mac": "ENC[AES256_GCM,data:yL1x1kNOkqXaTIfrsL61Ity402eLuGJvE44ezTNK6o+Hn0t4ZRtBYYfidF8Icboae9QvlyRBMwJDwfo2Ig+2cQJnUEFUH1ubFoa9L37RqKXj/nfTDkJsQ46eVPHahoYuC1N3ky1mwrcNtJqC9aR9ANBdTEMqFEyXPdN6yxwDK9I=,iv:Yk82C6aVt62OV6PSRSdxjwSobuessyniNDLXY1qQsPM=,tag:Aj6T8uy360rSbgybWEhGjg==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.10.2"
 	}
 }
--- a/vars/per-machine/rigel/root-password/password-hash/users/kurogeek
+++ b/vars/per-machine/rigel/root-password/password-hash/users/kurogeek
@@ -0,0 +1 @@
 ../../../../../../sops/users/kurogeek
--- a/vars/per-machine/rigel/root-password/password/secret
+++ b/vars/per-machine/rigel/root-password/password/secret
@@ -0,0 +1,15 @@
 {
 	"data": "ENC[AES256_GCM,data:/LlNZMgA4IGTuko4og/BGQrQYcdsfSipxoYnSMYCiRzsjaZ3rKkPX6g=,iv:xcKWB1GeOE5lit49VX5aj/Aybtva5TBPiYIJ1rbKB58=,tag:ZDSU1z+b502venKHp4YdWg==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWld3KzIwNkpoZ3U1NU1R\nVkRZaSt0TVE0OWxWU29JeUt1L0RwOHhwd2dJCmhqMERRTStHRklxeWpaTW5vZ3lZ\nQUg2dzI0Z0tBWk1lL2JOY0VGR3FqL0kKLS0tIHM0RXRZMUZ6VUdUbjBrQmVRdXdW\nSVQvVXdxb29RellHVTI0SlRVR3huNm8KPecjjCf9DxHj0oBJ82w1GTtBKQIdsHar\nmHCHk6n5Pp91SH/Xq/fDMWzi11eVSShs6XEG/fJuMCamXpOjxOQkNg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2025-07-25T02:22:53Z",
 		"mac": "ENC[AES256_GCM,data:QA8je/YCZGSaIDpu+mgyGFWQUDrhNr8zIdBskirkvXE0B19yglbf3zayHgHaNXjmhsle3OiUimkRk/qOmqhcDo0W8xbFi/HdZn0k+FzbSs3ha+fI4o51Re6ZyvKHMqSdh4Qzb5czTJUu185rFv0up4thV1P8n8uHs76bp5FgGzs=,iv:yoUvCj2mLDICexJLSFWuAXf2pJRlp86QiaBk3aBPeIQ=,tag:tzh8rI7FjvJFGbtmmR/oog==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.10.2"
 	}
 }
--- a/vars/per-machine/rigel/root-password/password/users/kurogeek
+++ b/vars/per-machine/rigel/root-password/password/users/kurogeek
@@ -0,0 +1 @@
 ../../../../../../sops/users/kurogeek
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABopddhOTgcL5MqbJQRDtlntkSyqHW81V5/3cqA+5Ng`