Merge branch 'cephiroth-v2' into 'main'

Cephiroth v2 See merge request nounous/nixos!7
2025-04-13 13:53:44 +02:00 · 2025-04-13 13:53:44 +02:00 · 6dddd5c8cd
parent ccb7a82f6e 33740625c2
commit 6dddd5c8cd
9 changed files with 218 additions and 3 deletions
--- a/flake.nix
+++ b/flake.nix
@ -42,6 +42,11 @@
              modules = [ ./hosts/vm/apprentix ] ++ baseModules;
            };

+            cephiroth = nixosSystem {
+              specialArgs = inputs;
+              modules = [ ./hosts/physiques/cephiroth ] ++ baseModules;
+            };
+
            jitsi = nixosSystem {
              specialArgs = inputs;
              modules = [ ./hosts/vm/jitsi ] ++ baseModules;
--- a/hosts/physiques/cephiroth/default.nix
+++ b/hosts/physiques/cephiroth/default.nix
@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix
+
+    ../../../modules
+  ];
+
+  networking.hostId = "bbdd1133";
+  networking.hostName = "cephiroth";
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.device = "nodev";
+
+  boot.loader.grub.mirroredBoots = [
+    {
+      devices = [ "nodev" ];
+      path = "/boot-fallback";
+    }
+  ];
+
+  system.stateVersion = "24.05";
+}
--- a/hosts/physiques/cephiroth/hardware-configuration.nix
+++ b/hosts/physiques/cephiroth/hardware-configuration.nix
@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "head/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/C900-92D1";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/boot-fallback" =
+    { device = "/dev/disk/by-uuid/C931-84A4";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.bond0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.bond0.10.useDHCP = lib.mkDefault true;
+  # networking.interfaces.bond0.3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.bonding_masters.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno49.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno50.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno51.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno52.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp11s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp11s0f1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/physiques/cephiroth/networking.nix
+++ b/hosts/physiques/cephiroth/networking.nix
@ -0,0 +1,49 @@
+{ ... }:
+
+{
+  networking = {
+
+    dhcpcd.enable = false;
+
+    vlans = {
+      vlan3 = {
+        id = 3;
+        interface = "bond0";
+      };
+      vlan10 = {
+        id = 10;
+        interface = "bond0";
+      };
+    };
+
+    bonds.bond0 = {
+      interfaces = [ "enp11s0f0" "enp11s0f1" ];
+      mode = "802.3ad";
+    };
+
+    interfaces = {
+      vlan3 = {
+        ipv4 = {
+          addresses = [
+            {
+              address = "172.16.3.3";
+              prefixLength = 24;
+            }
+          ];
+        };
+      };
+      vlan10 = {
+        ipv4 = {
+          addresses = [
+            {
+              address = "172.16.10.3";
+              prefixLength = 24;
+            }
+          ];
+        };
+      };
+    };
+    defaultGateway = "172.16.3.99";
+    nameservers = [ "172.16.10.128" ];
+  };
+}
--- a/secrets/common/root.age
+++ b/secrets/common/root.age
@ -1,4 +1,5 @@
 age-encryption.org/v1
+<<<<<<< HEAD
 -> ssh-ed25519 2k5NOg 4z9gZoi1nI43RZpsVo7kSb60CU66nu4Oo7s56cJ2Ixw
 2q2Mrknk2dV08G1otHSuw1urEGMN1M1hYcyNiG3QnK0
 -> ssh-ed25519 iTd7eA 0P+Sf77RiouUH+iNfs5pF5sZfv70ftHEG/4yte37XDU
@ -24,4 +25,30 @@ McTWwmOr0JvZ241sW2dkTiLNJLqDnghdarxxA6Bi2i0
 -> ssh-ed25519 eXMAtA X33iEIce1PKaJyhCmezY6QvUfVHCcy6cNCJ9MoRkRzs
 afNufk0j4RD6qzhXAE+QypiTKjon/+SwetBKJDpBGFM
 --- YH0BJ2SPwVZOJOiAWayJzajKmIRcGHH3DGK9Bdegrzs
-¬p8 PƒvÕö¡eBK\|ø*‚D«PŸiytÒéÎjîÅû°³9¯T“>¸IÍRÎÐLùÈ+"!Y“3"(/w
+¬p8 PƒvÕö¡eBK\|ø*‚D«PŸiytÒéÎjîÅû°³9¯T“>¸IÍRÎÐLùÈ+"!Y“3"(/w
+=======
+-> ssh-ed25519 2k5NOg Svrem6CDZP6xX1GDOmloRIAPeyDQV75/b0MwDT+972E
+nXCeatzbtsFsxEJsbAfnRbsqDoLblxUVDC99N2a0QZE
+-> ssh-ed25519 iTd7eA sSbUU5u+vL/RYOvhmKBew0H11IOAKekdFjvWA/b6Axk
+04fyYuDjVdpON+RyBOFNj4GLPEPxbmDBRPdvL0HP/Mw
+-> ssh-ed25519 h5sWQA OyyUENRFhpdO6vN7tXv3R6lFuyJFO2chOs5Ujj+H5xM
+BSJNOsPzP6O91t+yF2Fc7F7lQ4uoZ0XA08/k0sQBSxw
+-> ssh-ed25519 /Gpyew ycR52ChF0PXVIASNa21GW5rZhNkUdm4L+qpMGkU+mS0
+0K9QfbqO+piWxG3cNbRqCAg5OahWeNp1CjCr9Xf7qBo
+-> ssh-ed25519 LAIH1A 6R+UrpvT+m/4b5rYxOqdMtY7lWuiQVNA74JUmIZYnFc
+SyVckkzLYiA3+MO+rmymj3FoRZO+88d44QRSGAxjZCQ
+-> ssh-ed25519 qeMkwQ uSBSu3+hBJyBFccE9LVafx/4nnNRfdbrhoYNk7h+RAA
+tHEhdso/7ZZMauUbNcW1I8UURiKuBhFpjaXmG/tzQSs
+-> piv-p256 ewCc3w A6Zt+RzeoJOjb1St4hIUz9uOz677sIm6//6MBge1wpUB
+wj0tcKjV1K/zJ9TyuoIFe5BPrTDLa1zgS9iU+9hz8jg
+-> piv-p256 6CL/Pw AtMvYrgewAmNNtmKzunuWiL/fKOJLWNyqjsMMHdRQ9qU
+HMM4WATy3ptCTDVRMiCLPEa+HQV1qD6E7gra3vR+WeQ
+-> ssh-ed25519 I2EdxQ YIfL8RsQuBpou9bEzPLgnGKEu3LU1umm2Gsg4sHLz3c
+1cwiqzYl2OZP14l/yOeCWd34wPky1BlXrvio12BX3Xg
+-> ssh-ed25519 GNhSGw AC/rhkYLYCcpHmpew92iA+ggDKPHK/Peq4MQ1Sse1HU
+fwBrDclET5QEZ1adT8abjH6Mc6MIqHKIqytafcRPkK8
+-> ssh-ed25519 eXMAtA iaFiw3ToxQ25wJxcX43SKX3ZXp2nbCxFiQ7zxqzneC8
+Yc1k3XCGDchmCmvgquwsogwqjb+qEq3InhYrZrMaZ0Y
+--- a/rpCM6S3vOYHV0mtBy454Csl4loPw1M7ddKOXclnNI
+‹”WÒRîæ%Üù†¨wZ-ßÎWv$JJgÖ"—U‡ß¦&°NÓ1[ïbÐh˜N<CB9C>#÷YÔçˆÑ×<Þdl
+>>>>>>> 19622ff (Chiffrement cephiroth)
--- a/secrets/restic/cephiroth/base-password.age
+++ b/secrets/restic/cephiroth/base-password.age
@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 2k5NOg 3bx98CtSuo2bBcMNDERXBAd/V5QHDwS9QxiUeOIYfA0
+WNXRmrsvAYzf+hPKTD1cDe8AxsLE2XXOR3/9ntok4kI
+-> piv-p256 ewCc3w A9SuxTuiv6fR4x/L2T35+P1BQhXdNpJqYY6JAx14JNDV
+te3znop5erWyoQD5ummj0jzymLowOTQp8VHRcHZIEhI
+-> piv-p256 6CL/Pw Ax+D6ty1y6EvXW0PMmyCdBHlsDFhRTAjU0fdEsKQaWxm
+eo1/cUsSW0fxSjenYSZZrwnIw6dNiiFRsmgDBZculLM
+-> ssh-ed25519 I2EdxQ 615M9ya/ucv/fGBQ+WTje+xkHbQTWb3o3sL3uHsnfEw
+2bg0Lizi0xuBTZEImpU94E6NDpWybCbNsIQpXM8EdNE
+-> ssh-ed25519 GNhSGw ge2dVtIyfvdDCXqFA0lUQL+pWm/vSzYniGlW4QhVpx8
+MnL0sBA4EjsrK0fG5KY7Ohu/QoynehvkPaD4k7uXGIE
+-> ssh-ed25519 eXMAtA vllKN8ZW9wI2+jU37/T+M90d+JdHqdu6pA1ahQA6Um4
+RYXFH+Ww4FRLY2BC4erw5f6xiPqzF4zH9jXGztD5atU
+--- s3uczVE3E+Gm/7UvDCEe5lPibnmOZjFwv+yvVUvC68s
+Nõ¾<EFBFBD>ûõ`~"ü=õ<>UÞÍåÖ‹\%°thÒ°Q¦ÆÇQˆ5H’Þ•é¸n=Ïá<C38F>â°ïw¡ýdV®`ìaWw¶=×d¶¶ÒTC	cT<63>ö¯«Èu€Ãš¼SòÞ\1Ô›NÏ]½hfJZ÷›Ó«¼Ën^QúÅôÔ†¿¨–k¥V×ªæðêt¿‘‹È£È•“G,i¡Žv˜V?£¹Xfí
+þJÙ‹Òf_VxU’õ¥M¿ë³zÛ!ÖG
+-õðkàú:Æ¡xhâ¹èÍÐKC1y1Ù*€þ7×â4c'éûØ’+9æî¡€5	ÙÎòáPÓwÔÜøYêëÐ—^2þ,äeUnÅ·ï;Éiãô?˜Øø‡õMGQenÄ×]l
--- a/secrets/restic/cephiroth/base-repo.age
+++ b/secrets/restic/cephiroth/base-repo.age
--- a/secrets/restic/jitsi/base-password.age
+++ b/secrets/restic/jitsi/base-password.age
@ -1,4 +1,5 @@
 age-encryption.org/v1
+<<<<<<< HEAD
 -> ssh-ed25519 iTd7eA Cn4X/15nIr4aBckcscrpeISR0BVQvpZUQv5vhoLUwRg
 ZTv/zkv5A90FiBlxO7N/NSwHo+7Br5D5ksV5TYECfsE
 -> piv-p256 ewCc3w Ajkq5jXzH2m9GGryEPPzYEFsZHpAdV9PpSFU+gTqkhLK
@ -15,4 +16,20 @@ I3/3Uk1vKPYr1XNjoFIMISzfLYqFFrOEaA8bLGX8G9k
 9hIa8dC+z+awUC9cPEa1/eiETrDzjVsdwetJR8LJleE
 --- EDDzNZbfu1k62QxWpeNvMzWm5PjgxCUiTypr+BMsamU
 2pžl	H<>ò@²i‚ù?‡<=½èç!Z‘_bÁØÂ¾þÉ|5²J¨ëm]I§½H¾’Š³©$^E>°ù¿¾Ê•Þä;7Ã÷¤ÿMjË}<7D>Íá¸Êq_?YeÍùZ9`ä[‹’Tñ¢À´õÂm'T¬?P\'ÇRÃ+œ?xæéb¥ðå·nóG¿|¿Ý6èãh¶Ûxí€Õ ÜÝ`Í:O‰ª¬H40_LLn)·¤¦„Æ±•òžï·kÒ¹Ç`Ï_wgF`Š36\”›T4 ½ ÛOÃæ™AZ¬wHˆI7àO~©ƒ¾·¦ºgñŽöNMEk“W¡¬ývQ¢ÄðV55øÇgÞ3
é7ìtœ	‘<’v
-,
+,
+=======
+-> ssh-ed25519 iTd7eA s0+l/6oShBz9ikixHzOH1ZeqqBfYiFUiMmupY7dD7F8
+qG6JGeQ4VZZhcSP0DIna5T4ApNTEYvr6T0b65GqYbXM
+-> piv-p256 ewCc3w AzTQZk8h5T8HNbCZ25UhIOLBqqBJjMtQuTYCbZkkQg0f
+5ggJezfGbEL4H6o1u9vyOfMgSaWU8dWt4s63k4W+7aE
+-> piv-p256 6CL/Pw A9Pc6W8yfckf8NPKfI3ijBwp5X2Es7N6/gLJQK8DUGHY
+LMTVYyiMQY/+p86jUV9f1R9WqaPf5MkmIBSQVjstNCQ
+-> ssh-ed25519 I2EdxQ i0Bc88DJeeFhJEhka46NoNBj92psTDYJCa+gTFerLEU
+5WyerYIqt7ZV+A+oEAEifRcR1QhON2cnllv+0vumjaM
+-> ssh-ed25519 GNhSGw gsyZh0ND3POSHbNFXPSw/GaBP6oTSBC2amQ8c/lniVk
+RGkkMAOce2KT7lQfHcMPFHThnPjVSXy0HvzTdoY4/ig
+-> ssh-ed25519 eXMAtA 00JsnPLMk1GD2hJC1TXWmSuGLLoZCuRQr+igOy+uXmE
+esvRhZmWjG10GIZ1UQpZb/QfgmZHt9Nda5Q4HriczFE
+--- QyrvM667EoVMiAsNKcZlVvX3uaM3D22mMXLBC1gweUE
+Þ5ŽZT«ê›¬óHÙ.0=Vÿ»^vÆ<76>ÑÚ¡í ^}!;KÏºðQÀÖ{ù‚“žõK”c§~ƒYõÐ<>ã$·òí!Æ4=/k^Fó<46>’K¸nç“98+•†• ·½æÂÇb´#>ÁÛ@äY´4Ø8+*îh4Õy¨ŽÔYÿúekù¹›Y’kT˜Œ\‰àÉu,1Kh²X¯>ÔótðøTGÐçp‹ÌÊLöprSÕúÜyì!iŸdÒÿ´o±ç÷%ëSK•ç»i”'D¡7°Úìçð¢õ`æ+¢%PîRŸÂÌm«Ú›I#·$!•jŒ&HŽUù ‹7ÇìÒ5ƒùE†8‹î1¾¥¥Ð¡dF!¼	SoÄ‘t§
+>>>>>>> 19622ff (Chiffrement cephiroth)
--- a/secrets/restic/jitsi/base-repo.age
+++ b/secrets/restic/jitsi/base-repo.age
@ -1,4 +1,5 @@
 age-encryption.org/v1
+<<<<<<< HEAD
 -> ssh-ed25519 iTd7eA ktPtHZZ/+e2knf7YT58/ejjo4yqOerXJQ14JfU9ILBQ
 NUJFutka+8RGBXsW/gn+y2zS68D6yHJo8KqjLjwfDq4
 -> piv-p256 ewCc3w A2IoLrli9N3qyiZvxKQLZg/LXIS2OqtoDKyeAbGPb+us
@ -14,4 +15,20 @@ tsG1aNZdpxdnVhpbV9atHptidXZ8dvLI6ht7SlEWDT4
 -> ssh-ed25519 eXMAtA 2Ebl9bg/Nt+m3M+TyoXIH43tfliZQ7kroGf2QOnyaVE
 Zng4Ci0raemfl2xjK1dPd8uxlvX3Qd/ycI4f1DoJfiE
 --- WNg4DqhbLUxAUSRgmbA2JrOhHKSUk09U7OQFN6g9mPg
-EÜs{ÀfK›d÷áê—ô…r@çøqX\)Èý¬H5eÅÆ?LG)5<>¥_ºIìná¦=I=LÉHÌI)Yü~÷F’P²‚^ïi5Þ .#O&›Ýòº#’–v)½º(¶h÷AëÍ Þ=üàê¬_ç6'½cGÑrXò«ƒnæî
+EÜs{ÀfK›d÷áê—ô…r@çøqX\)Èý¬H5eÅÆ?LG)5<>¥_ºIìná¦=I=LÉHÌI)Yü~÷F’P²‚^ïi5Þ .#O&›Ýòº#’–v)½º(¶h÷AëÍ Þ=üàê¬_ç6'½cGÑrXò«ƒnæî
+=======
+-> ssh-ed25519 iTd7eA Y8wuvsreTRv20q2thRD7J4f61ogTENCAyn9bOJvADgc
+GhyAJSLpz4rO6zl3H6Szm9G5qLwS7BkzgP9s0XU52M8
+-> piv-p256 ewCc3w A591o/p2gMKoL2dFrxq27htq7TFaNHKHr3fDI9JaGzFp
+zIafFSNcP+YGUIxjrm5RrrS/y+AzGilY/aksh51Izy0
+-> piv-p256 6CL/Pw Atu81Usvghvl5fmnYVMxwETultr9LwmGfsDLj9R+LqHN
+KgKZhjQh3ooXF7QSqvYvWQsPeunJOcFkrrgL1g8k1+A
+-> ssh-ed25519 I2EdxQ 8YcX/73oQQRR2C104PFUrEroJB9YW3VCzMmiLFKKQXY
+T40fDigP+DgfhYMy4aHfmZa11PEr2oEC30YmSbAfh9Y
+-> ssh-ed25519 GNhSGw FsyM8yQ3BhgucvVWVL0cm3gItk4fcvRXDuG96MD1bxU
+P6ZC4DLPCuegUYzlOC3CFb/BBtTcH669PoDyJyY85Rs
+-> ssh-ed25519 eXMAtA Peaw1jyUzhIgV3ks8Jqf5MODj1eXdk7DJnC/0LLkcEs
+VeEI3YiVUzahRy96xODiOOs4566o1jDjC8YgWiPOsls
+--- UVx0VuBDrfGbdb3FhSHFO/IvykyJzErR7rFHD5nJ7r4
+K¸›xÍ‡<EFBFBD>òzÆÜ1#Æ#fùòðÑº¬<C2BA>¬0™o‡{{À/ºXæ=˜¥Pº):|ùnÞŠ¶em*ëlÐ,ëA&É$?›¿<>ËmWâï°q¥*²0tèX½m{Å²y“Ä»îè÷Ù’6W¿¨#ðcGt=EAèé„zgX+
*þ
+>>>>>>> 19622ff (Chiffrement cephiroth)