Merge branch 'Vanderscycle:main' into main

Author: vancycles-knak

nix-darwin/flakes/monolith/.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &primary age1df2u7xvze6rq5utz74ckx059wr3z97j484wc04063437h6hn4v6s9auec3
+creation_rules:
+  - path_regex: secrets/.*\.yaml$
+    key_groups:
+      - age:
+        - *primary

nix-darwin/flakes/monolith/configuration.nix

@@ -0,0 +1,164 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+  config,
+  inputs,
+  pkgs,
+  meta,
+  ...
+}:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  nix = {
+    optimise.automatic = true;
+    settings = {
+      experimental-features = "nix-command flakes";
+    };
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 14d";
+    };
+    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # for nix.nix
+  };
+
+  nixpkgs = {
+    hostPlatform = "x86_64-linux";
+    config.allowUnfree = true;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader = {
+    grub.enable = true;
+    grub.device = "/dev/sda"; # Install GRUB to the MBR
+    efi.canTouchEfiVariables = false; # Disable EFI settings since you're using legacy boot.
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/Vancouver";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+    #useXkbConfig = true; # use xkb.options in tty.
+  };
+
+  users.users.${meta.username} = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+      tree
+    ];
+    # Created using mkpasswd
+    hashedPassword = "$6$NQrAUhx13piyrmgZ$GFNEe2v/1tbRO5M3806EWcsoHifN1GIIzhLz.hsVv8Ug3nKgLzP/PMm6MzAS.XRJwzfpdK28LdMLG9uIRtibn/";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCpHZBybBTCsCyW6/Q4OZ07SvUpRUvclc10u25j0B+Q hvandersleyen@gmail.com"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    sops
+    git
+    vim
+    factorio-headless
+    iptables
+  ];
+
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+
+    age.keyFile = "/home/${meta.username}/.config/sops/age/keys.txt";
+    secrets = {
+      "game-password" = {
+        owner = meta.username;
+      };
+      "token" = {
+        owner = meta.username;
+      };
+      "admin" = {
+        owner = meta.username;
+      };
+    };
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  systemd.tmpfiles.rules = [
+    # Copy/Link the save file (use either C or L)
+    "C /var/lib/factorio/saves/save1.zip - - - - ${builtins.path { path = ./save1.zip; }}"
+  ];
+  services.factorio = {
+    bind = "192.168.4.129";
+    enable = true;
+    public = true;
+    username = builtins.readFile config.sops.secrets."admin".path;
+    token = builtins.readFile config.sops.secrets."token".path;
+    openFirewall = true;
+    stateDirName = "factorio";
+    extraSettingsFile = pkgs.writeText "server-settings.json" (
+      builtins.toJSON {
+        game-password = builtins.readFile config.sops.secrets."game-password".path;
+      }
+    );
+    extraSettings = {
+      max_players = 16;
+    };
+    autosave-interval = 20;
+    # When not present in /var/lib/${config.services.factorio.stateDirName}/saves, a new map with default settings will be generated before starting the service.
+    saveName = "save1";
+    game-name = "[NixOs] factorio";
+    description = "Factorio on nixos";
+    admins = [
+      (builtins.readFile config.sops.secrets."admin".path)
+    ];
+  };
+
+  # networking
+  networking = {
+    defaultGateway = "192.168.4.1"; # Point to Proxmox
+    nameservers = [ "192.168.1.1" ]; # Ensure DNS resolution
+    hostName = meta.hostname; # Define your hostname.
+    networkmanager.enable = true; # Easiest to use and most distros use this by default.
+    firewall = {
+      enable = false;
+      allowedUDPPorts = [ 34197 ]; # Explicitly open Factorio port
+      allowedTCPPorts = [ 27015 ];
+    };
+  };
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}

nix-darwin/flakes/monolith/flake.nix

@@ -0,0 +1,44 @@
+{
+  description = "Monolith homelab";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+    quadlet-nix = {
+      url = "github:SEIAROTg/quadlet-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs =
+    inputs@{
+      self,
+      quadlet-nix,
+      nixpkgs,
+      sops-nix,
+      ...
+    }:
+    {
+      nixosConfigurations = {
+        monolith = nixpkgs.lib.nixosSystem rec {
+          specialArgs = {
+            meta = {
+              hostname = "monolith";
+              username = "monolith";
+            };
+            system = "x86_64-linux";
+            inherit inputs;
+          } // inputs;
+          modules = [
+            ./configuration.nix
+            quadlet-nix.nixosModules.quadlet
+          ];
+        };
+      };
+    };
+}

nix-darwin/flakes/monolith/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/c5f8f80a-cb86-49a7-aafa-a4ca7fccd9f0";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

nix-darwin/flakes/monolith/save1.zip

@@ -0,0 +1,18 @@
+game-password: ENC[AES256_GCM,data:R2C02AUuaXVgaI+0/yHwfg==,iv:eRJNwnpvUjBNQcjfZ6EkHq58T2SsilP30QXxApWjwT4=,tag:aKiJuPKOnImSEE6aDbjCdg==,type:str]
+admin: ENC[AES256_GCM,data:eDmssivECpqWCek=,iv:KBk0i5vs8//DYBGJG2NPKRVEkQn/zhkRxY/3Nh26hJQ=,tag:BRqhacHW9UmD+IVcFLOsVQ==,type:str]
+token: ENC[AES256_GCM,data:sF1Z4aFEyutuAo6SlXMEqu0/KDVLRr0xNBCktUZj,iv:g48K3ehppX7UlGnNRzFY+czhtCZOsTA0vid1zkRpc3A=,tag:222VA0Be9aYRyCgvIeCqQQ==,type:str]
+sops:
+    age:
+        - recipient: age1df2u7xvze6rq5utz74ckx059wr3z97j484wc04063437h6hn4v6s9auec3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDekFPcnNRNHZlSzVkWm51
+            MzdXTTUySVkxNFdGSDM1SzBDUjF0MUJXMlhBCnczMUJzVHRaZ1BJaEZtTFlDU0Rt
+            ME1XT2dUdlVBWS9IT2NNTGZpWEhyV3MKLS0tIC9UcjExMHZMTlFTek1MZWtUYWdp
+            UEt1NmxlRXFHc29IeisxZUVFMGVTVVEKSGueDRDgLWaGlwKqVKlsehufZEKxF/wb
+            EBKkrbHHwsumMS2LNC7/dVU1165IvVRFRvXYa8NW0dlYXjvE6l4yog==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-05-24T05:13:47Z"
+    mac: ENC[AES256_GCM,data:+jdHFf6jawgNoTsGMEz9nMDgzn/T2CFbFP2l8WzkAbSVo46cofm9mg/i1kg60jh2bqAkZYotrUPaVyuh0phAtWTVsxVMt1x0orFfJeRPoYehtuaKI6uXmiJmXs8LWo5PavUOe9CyGGRyic6uz7A9i7wDhBfJHkM1ht0jTzaPdZI=,iv:nRYKwTEjoCRhc4k4ZZkPDaQg6PlwdI/q2XyBBR30o+w=,tag:lnyy7DRizclUatp69nPEpw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2

nix-darwin/flakes/monolith/secrets/secrets.yaml

@@ -21,22 +21,6 @@
     ./sops.nix
   ];
 
-  systemd.user.startServices = "sd-switch";
-  virtualisation.quadlet.containers = {
-    echo-server = {
-      autoStart = true;
-      serviceConfig = {
-        RestartSec = "10";
-        Restart = "always";
-      };
-      containerConfig = {
-        image = "docker.io/mendhak/http-https-echo:31";
-        publishPorts = [ "127.0.0.1:8080:8080" ];
-        userns = "keep-id";
-      };
-    };
-  };
-
   system.stateVersion = "25.05";
   boot.extraModprobeConfig = ''options bluetooth disable_ertm=1 '';
   # cron

nix-darwin/users/henri/configuration.nix

@@ -3,6 +3,7 @@
 
 {
   config,
+  inputs,
   username,
   pkgs,
   lib,
@@ -20,15 +21,37 @@
     ../../home-modules/window-managers/hyprland
     # bar
     ../../home-modules/status-bars/waybar
+    inputs.quadlet-nix.homeManagerModules.quadlet
   ];
 
+  # TODO: move this to a vm called homelab monolith add factorio, nextcloud
+  systemd.user.startServices = "sd-switch";
+  virtualisation.quadlet.containers = {
+    echo-server = {
+      autoStart = true;
+      serviceConfig = {
+        RestartSec = "10";
+        Restart = "always";
+      };
+      containerConfig = {
+        image = "docker.io/mendhak/http-https-echo:31";
+        publishPorts = [ "127.0.0.1:8080:8080" ];
+        userns = "keep-id";
+      };
+    };
+  };
   # services
   dunst.enable = lib.mkForce false;
   fcitx.enable = true; # chinese fonts are super pixels
   gnome.enable = true;
   ssh = {
     enable = true;
     hosts = {
+      monolith = {
+        # ssh monolith
+        hostname = "192.168.4.129";
+        user = "henri";
+      };
       factorio = {
         # ssh factorio
         hostname = "192.168.4.250";