[host/granodomus-lima] Add new host

.sops.yaml

@@ -6,6 +6,7 @@ keys:
   - &trochulus-hispidus age1un55h66zlhm4vmf7800q0c5n24zwpwvyllhmu68x33kkf2kwu9dsts8ztg
   - &murex-pecten age1txlfvwlahwjy3ujeefsp7ket5c575schwc24a07j4twu0jxzqgwse4n78a
   - &cornu-aspersum age1vrdd5yese20vcklv4dkclhfwhs5r9vufka8mevdxkt57fmukld5qj5r342
+  - &granodomus-lima age1vrdd5yese20vcklv4dkclhfwhs5r9vufka8mevdxkt57fmukld5qj5r342
   - &faunus-ater age1wwv873rqxtl7050n5uldy02tj2sft3yqvlqtjl2naazjvuk8yq2s7vflxt
   - &polymita-picta age1c9pnv970vt2c88u3ra4zxnhz6j76la4nm3ddcuws9a6mfpnw43lspaud83
 creation_rules:
@@ -62,6 +63,12 @@ creation_rules:
       - *malte
       age:
       - *cornu-aspersum
+  - path_regex: secrets/hosts/granodomus-lima/[^/]+\.yaml$
+    key_groups:
+    - pgp:
+      - *malte
+      age:
+      - *granodomus-lima
 
   # Home-manager secrets
   # TODO: Improve

flake.nix

@@ -107,6 +107,7 @@
       "helix-texta"
       "murex-pecten"
       "cornu-aspersum"
+      "granodomus-lima"
       "trochulus-hispidus"
       "radix-balthica"
       "faunus-ater"
@@ -215,6 +216,13 @@
             inputs.glados.nixosModules.glados
           ];
         };
+        granodomus-lima = {...}: {
+          imports = [
+            ./hosts/granodomus-lima.nix
+            ./hardware/netcup-vps-200-g10.nix
+            ./modules/nginx-reverse-proxy.nix
+          ];
+        };
         trochulus-hispidus = {pkgs, ...}: {
           imports = [
             ./hosts/trochulus-hispidus.nix

hardware/netcup-vps-200-g10.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];
+}

hosts/granodomus-lima.nix

@@ -0,0 +1,84 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostId = "94d74a20";
+  networking.hostName = "granodomus-lima";
+  networking.interfaces.ens3.useDHCP = true;
+
+  settings.ssh.openOutsideVPN = true;
+
+  users.users = {
+    root = {
+      hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
+    };
+  };
+
+  sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml;
+  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+
+  # Run radicale with infcloud interface for me and Marie
+  services.radicaleWithInfcloud.enable = true;
+
+  services.qemuGuest.enable = true;
+
+  services.bind = {
+    enable = true;
+    cacheNetworks = ["any"];
+    forwarders = ["100.100.100.100"];
+    listenOn = ["any"];
+    listenOnIpv6 = ["any"];
+    zones."home" = let
+      granodomus-lima = {
+        v4 = "100.86.42.110";
+        v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e";
+      };
+      faunus-ater = {
+        v4 = "100.108.135.4";
+        v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
+      };
+      point = domain: host: ''
+        ${domain} AAAA ${host.v6}
+        ${domain} A    ${host.v4}
+      '';
+    in {
+      master = true;
+      # TODO: Fix TTLs
+      file = pkgs.writeText "home-zone" ''
+        $TTL   1
+        @      IN    SOA  home. malte.home. (
+                          5     ; Serial
+                          1  ; Refresh
+                          1  ; Retry
+                          1  ; Expire
+                          1) ; Negative Cache TTL
+        @            NS    home.
+        ${point "home." granodomus-lima}
+        ${point "foto" faunus-ater}
+        ${point "mc" granodomus-lima}
+        ${point "doc" faunus-ater}
+        ${point "sheet" faunus-ater}
+        ${point "media" faunus-ater}
+        ${point "file" faunus-ater}
+        ${point "stats" faunus-ater}
+        ${point "cache" faunus-ater}
+        ${point "hydra" faunus-ater}
+      '';
+    };
+  };
+  networking.firewall.allowedTCPPorts = [53];
+  networking.firewall.allowedUDPPorts = [53];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.05"; # Did you read the comment?
+}