From 047400c9d6f612ba88ff97bf5916781d967d0a27 Mon Sep 17 00:00:00 2001
From: Jake Hillion <jake@hillion.co.uk>
Date: Sat, 20 May 2023 16:54:50 +0100
Subject: [PATCH] tywin.storage: add host

---
 .../default.nix                               |  28 ++++++++++++
 .../hardware-configuration.nix                |  41 ++++++++++++++++++
 hosts/tywin.storage.ts.hillion.co.uk/system   |   1 +
 modules/common/known_hosts                    |   1 +
 secrets/secrets.nix                           |   2 +
 .../tywin.storage.ts.hillion.co.uk.age        | Bin 0 -> 1091 bytes
 6 files changed, 73 insertions(+)
 create mode 100644 hosts/tywin.storage.ts.hillion.co.uk/default.nix
 create mode 100644 hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
 create mode 100644 hosts/tywin.storage.ts.hillion.co.uk/system
 create mode 100644 secrets/tailscale/tywin.storage.ts.hillion.co.uk.age

diff --git a/hosts/tywin.storage.ts.hillion.co.uk/default.nix b/hosts/tywin.storage.ts.hillion.co.uk/default.nix
new file mode 100644
index 0000000..82a5f35
--- /dev/null
+++ b/hosts/tywin.storage.ts.hillion.co.uk/default.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    ../../modules/common/default.nix
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    system.stateVersion = "22.11";
+
+    networking.hostName = "tywin";
+    networking.domain = "storage.ts.hillion.co.uk";
+
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    ## Tailscale
+    age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/tywin.storage.ts.hillion.co.uk.age;
+    custom.tailscale = {
+      enable = true;
+      preAuthKeyFile = config.age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".path;
+    };
+
+    ## Enable btrfs compression
+    fileSystems."/".options = [ "compress=zstd" ];
+  };
+}
diff --git a/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix b/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
new file mode 100644
index 0000000..642f86a
--- /dev/null
+++ b/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/cb48d4ed-d268-490c-9977-2b5d31ce2c1b";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/BC57-0AF6";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/hosts/tywin.storage.ts.hillion.co.uk/system b/hosts/tywin.storage.ts.hillion.co.uk/system
new file mode 100644
index 0000000..9bdfd5f
--- /dev/null
+++ b/hosts/tywin.storage.ts.hillion.co.uk/system
@@ -0,0 +1 @@
+x86_64-linux
\ No newline at end of file
diff --git a/modules/common/known_hosts b/modules/common/known_hosts
index 058a823..84e5d81 100644
--- a/modules/common/known_hosts
+++ b/modules/common/known_hosts
@@ -22,6 +22,7 @@ router.alpha.proxmox.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGL5As
 router.home.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu
 router.stranger.proxmox.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHq9tITN59FJfGoyOPNgP1QyJ0ohbVQS8OZtRO960Uxk
 stranger.proxmox.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9d5u/VaeRTQUQfu5JzCRa+zij/DtrPNWOfr+jM4iDp
+tywin.storage.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k
 unifi.unifi.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeayV2pu0IpZS0OT17c4DqkILCZVRl1Y3s2fu087QkO
 vm.strangervm.ts.hillion.co.uk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb9mgyD/G3Rt6lvO4c0hoaVOlLE8e3+DUfAoB1RI5cy
 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 0859a36..af8d664 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,6 +19,7 @@ let
             parents = { microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0cjjNQPnJwpu4wcYmvfjB1jlIfZwMxT+3nBusoYQFr root@microserver"; };
             strangervm = { vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb9mgyD/G3Rt6lvO4c0hoaVOlLE8e3+DUfAoB1RI5cy root@vm"; };
             terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
+            storage = { tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin"; };
           };
         };
       };
@@ -38,6 +39,7 @@ in
   "tailscale/microserver.parents.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.parents.microserver ];
   "tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
   "tailscale/vm.strangervm.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
+  "tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
 
   # Resilio Sync Secrets
   ## Encrypted Resilio Sync Secrets
diff --git a/secrets/tailscale/tywin.storage.ts.hillion.co.uk.age b/secrets/tailscale/tywin.storage.ts.hillion.co.uk.age
new file mode 100644
index 0000000000000000000000000000000000000000..9af450015b790a4a31e7522c4046f2a1701e35a4
GIT binary patch
literal 1091
zcmYk)N$cZe0Dy4?9U&kdJc$ex(Nn3})8^nn(k#u^B+b?YVMx-fO_L^Xn&uw{nTw#F
zM33SZ5HB(x!IKJtj(Ss&5fnk(?xJ4Aukd@GFiRFm9d|e9zG&)~n=XR~6k6Pw0gx{`
z5YEKW5M&dQ23ZIh(U7%+m-n>46~X*OW+%apmNAD313w@aq%(X>^F>dG)hg!GWTTqV
zO>ZRO0L4KhRN4s6ZbWZKZqyD^2ha`8I*Co~wL{wxL22q(gdyJEFV|u<&skNpvUIx}
zLehm2nITKuJ(%upFdghnt^K_^_S{@Zf|N6gF%l^$3l4ZH9i!DC?dlR^5j-`RIE;~t
z2&t5_k=Vw*6a|lORD<554j|0Bj(Eqkyc>k4la(bIwz&#{>A6blG5vs%h}^dAG!+nk
z-fEn0tw@t?kM+s6r#j*MIo8W)72%;G!?8hm@~E*{bK-Ve6^JNL<%wEPR5)yDXzz0X
zAFjFK(_5yH=YnbWllgybg+6)c6&gbsbS@I>k~6XqE4$4)qLgN1wFTSveMdxIRT4L~
zH`!-b&-A<^N&i3)0+wE`qFF)F{IWt*UX|5tdzRIMKFaMnPUTt=2tCGA#o~f01RJJP
zmIZHmD7jB8w-gYkkFXsZLi8prbJ;`AVdIDX)<yPOh4n$1oG_E0I+@0Ndwp~xAv{h6
zECzgjPLKRt*OxrUqHqc&F}$5JCobKHp^7~*pA=R;Da#N^fxEl9U|zb~W>XAjWYc75
ziIm4OnF_|qabTT$5=za+sRTlHjxNs<2Jfis&9&6oCi4MMLJ`fEX+2k38;6@CoZ1wk
zAmXsQETcoR2eJhPg0Zq=lfjqSk~|g%LVzpyKkejzkt9mbYHy%5W_Iu-UAN3*Vllga
zHWRALo&<t^VJJ_%(vFy~L)r%h=b#Nlpew2!?aS8e0dHx8l6o=K89^vfniSM3)0_}<
zjB6vw{%!l(-GjKux+Db2%w%4G5Imx}sq%IaEwEFD<5`e2T~JZ1A4tXsuk~aSuHIR{
zs97y|Q{7%IK!CxeJ#`(*J(P6g3R)}{GdwrIV0jlZLr+ud1}AL0FX4u&P-)Hbn>Z~o
z&UPf9&|>Jz&p-I&nU8P%`tX}*{j~S?oA+;jaqr$QAKiNPl_!6EOMU;Pl?C%Gd-u~f
z9{gl~`}=QC-TwZ;JC8nm>@)C~^Z2Wep8M*%JMn#keZGT!c=zkS{(Sh}i}dV?pLPHB
HKcK$>E;Mj{

literal 0
HcmV?d00001