From 31b89c704975d8d436698c9bfd07b926a06e13cf Mon Sep 17 00:00:00 2001 From: Albert Date: Sat, 26 Apr 2025 23:24:04 +0200 Subject: [PATCH] intermediate commit --- flake.nix | 19 +++++++++--- hosts/lupine/configuration.nix | 33 ++++++++++++++++++++ hosts/lupine/hardware/lupine_1.nix | 40 ++++++++++++++++++++++++ hosts/lupine/hardware/lupine_2.nix | 41 +++++++++++++++++++++++++ hosts/lupine/hardware/lupine_3.nix | 0 hosts/lupine/hardware/lupine_4.nix | 0 hosts/lupine/hardware/lupine_5.nix | 0 hosts/lupine/services/gitea-runners.nix | 4 +++ 8 files changed, 132 insertions(+), 5 deletions(-) create mode 100644 hosts/lupine/configuration.nix create mode 100644 hosts/lupine/hardware/lupine_1.nix create mode 100644 hosts/lupine/hardware/lupine_2.nix create mode 100644 hosts/lupine/hardware/lupine_3.nix create mode 100644 hosts/lupine/hardware/lupine_4.nix create mode 100644 hosts/lupine/hardware/lupine_5.nix create mode 100644 hosts/lupine/services/gitea-runners.nix diff --git a/flake.nix b/flake.nix index 3d12130..f878cd0 100644 --- a/flake.nix +++ b/flake.nix @@ -55,7 +55,7 @@ nixosConfigurations = let unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; - nixosConfig = nixpkgs: name: config: lib.nixosSystem (lib.recursiveUpdate + nixosConfig = nixpkgs: name: configurationPath: config: lib.nixosSystem (lib.recursiveUpdate rec { system = "x86_64-linux"; specialArgs = { @@ -65,7 +65,7 @@ }; modules = [ - ./hosts/${name}/configuration.nix + configurationPath sops-nix.nixosModules.sops ] ++ config.modules or []; @@ -84,8 +84,8 @@ (removeAttrs config [ "modules" "overlays" ]) ); - stableNixosConfig = nixosConfig nixpkgs; - unstableNixosConfig = nixosConfig nixpkgs-unstable; + stableNixosConfig = name: config: + nixosConfig nixpkgs name ./hosts/${name}/configuration.nix config; in { bicep = stableNixosConfig "bicep" { modules = [ 
@@ -158,7 +158,16 @@ inputs.gergle.overlays.default ]; }; - }; + } // + (let + machineNames = map (i: "lupine-${toString i}") (lib.range 1 5); + stableLupineNixosConfig = name: config: + nixosConfig nixpkgs name ./hosts/lupine/configuration.nix config; + in lib.genAttrs machineNames (name: stableLupineNixosConfig name { + modules = [ + { networking.hostname = name; } + ]; + })); nixosModules = { snakeoil-certs = ./modules/snakeoil-certs.nix; diff --git a/hosts/lupine/configuration.nix b/hosts/lupine/configuration.nix new file mode 100644 index 0000000..bdf4e00 --- /dev/null +++ b/hosts/lupine/configuration.nix @@ -0,0 +1,33 @@ +{ config, fp, pkgs, values, ... }: +{ + imports = [ + ./hardware/${config.networking.hostname}.nix + + (fp /base) + (fp /misc/metrics-exporters.nix) + ]; + + sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // { + matchConfig.Name = "enp6s0f0"; + address = with values.hosts.lupine; [ (ipv4 + "/25") (ipv6 + "/64") ] + ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]); + }; + systemd.network.wait-online = { + anyInterface = true; + }; + + # There are no smart devices + services.smartd.enable = false; + + # Do not change, even during upgrades. + # See https://search.nixos.org/options?show=system.stateVersion + system.stateVersion = "24.11"; +} diff --git a/hosts/lupine/hardware/lupine_1.nix b/hosts/lupine/hardware/lupine_1.nix new file mode 100644 index 0000000..73c33c7 --- /dev/null +++ b/hosts/lupine/hardware/lupine_1.nix 
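Review bot: The inline module in the new `lib.genAttrs` block sets `networking.hostname`, but the NixOS option is spelled `networking.hostName`, so evaluation should reject it as an undefined option. The line should read `{ networking.hostName = name; }`. The generated attribute names also use a hyphen (`"lupine-${toString i}"`), while the hardware files added in this commit are named `lupine_1.nix` to `lupine_5.nix`, so a lookup keyed on the host name will not find them. The enclosing `nixosConfigurations` attrset begins outside this hunk.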
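Review bot: In hosts/lupine/configuration.nix, `imports` is computed from `config` via `./hardware/${config.networking.hostname}.nix`, which the module system cannot resolve and which normally fails with infinite recursion. Pass the per-machine file from flake.nix instead, for example `modules = [ ./hosts/lupine/hardware/${name}.nix { networking.hostName = name; } ];`, with the file names matching the generated host names. As written, all five machines would also bind the same static addresses from `values.hosts.lupine`, plus the `values.services.turn` addresses, which look carried over from another host. `sops.defaultSopsFile` points every lupine host at the one `secrets/lupine/lupine.yaml`, so each host would need to be a recipient of every secret in it. If that sharing is intended, a comment such as `# shared by all lupine-N hosts; keep host-specific secrets out of this file` would make the trust boundary explicit.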
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/81D6-38D3";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/lupine/hardware/lupine_2.nix b/hosts/lupine/hardware/lupine_2.nix
new file mode 100644
index 0000000..3e8e14e
--- /dev/null
+++ b/hosts/lupine/hardware/lupine_2.nix
@@ -0,0 +1,41 @@
+# IKKE EKTE BARE EN TEST
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/81D6-38D3";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/lupine/hardware/lupine_3.nix b/hosts/lupine/hardware/lupine_3.nix
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/lupine/hardware/lupine_4.nix b/hosts/lupine/hardware/lupine_4.nix
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/lupine/hardware/lupine_5.nix b/hosts/lupine/hardware/lupine_5.nix
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/lupine/services/gitea-runners.nix b/hosts/lupine/services/gitea-runners.nix
new file mode 100644
index 0000000..ad3c622
--- /dev/null
+++ b/hosts/lupine/services/gitea-runners.nix
@@ -0,0 +1,4 @@
+{ config, lib, values, ... }:
+{
+ nameList = builtins.attrNames (builtins.readDir ../hardware);
+}
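Review bot: `nameList` is returned as a top-level attribute of the module, but it is not a declared option, so importing this file would presumably fail with an "option does not exist" error. Nothing in the visible diff imports it yet. Bind the value in a `let … in` and return an empty or real config set until the runner settings exist, for example `let nameList = …; in { }`. `builtins.readDir ../hardware` also returns file names that still carry the `.nix` suffix and includes the three empty placeholder files, so the list will need `lib.removeSuffix ".nix"` before it can be matched against host names.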