setup tetra-zw

.sops.yaml

@@ -9,6 +9,7 @@ keys:
   - &notice-me-senpai age1wxewmzwlzgtsmr29tnu76n30kv29ra5p0ptvr2e3f3ymkqh569kqm07fv4
   - &tram-borzoi age10sedt7xftzu383y8g4pxsj0hazht8tnnxhcngedcsl93s4v9uvvsk99er4
   - &uranus age1xnaw8ssrq2hpsntnt8kdu4dlqh4lz3dcq5lzwn490cskz886te6sreuale
+  - &tetra-zw age1nknzqnqm2d7pxxjl4e4w50jk8t8xx947l2qgrjhpqjfd33ypjfusw7nszw
 
   # turmlabor
   - &traffic-stop-box-0 age1yxtur968m4xe0m3kj0waqpm2kuuywpp9f6t0rxl4f0262ze9n9jqehw0k5
@@ -178,6 +179,8 @@ creation_rules:
         - *admin_revol-xut
         - *admin_marenz-1
         - *admin_marenz-2
+        age:
+        - *tetra-zw
   - path_regex: secrets/uranus/[^/]+\.yaml$
     key_groups:
       - pgp:

hardware/disk-module/default.nix

@@ -12,5 +12,16 @@
       echo file binary-dist $diskImage >> $out/nix-support/hydra-build-products
     '';
   };
+  system.build.diskImageLegacy = import ./make-disk-image.nix {
+    name = "${config.networking.hostName}-disk";
+    partitionTableType = "legacy";
+    additionalSpace = "0G";
+    copyChannel = false;
+    inherit config lib pkgs;
+    postVM = ''
+      mkdir -p $out/nix-support
+      echo file binary-dist $diskImage >> $out/nix-support/hydra-build-products
+    '';
+  };
   fileSystems."/".autoResize = true;
 }

hardware/tetra-zw.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  imports = [
+    ./disk-module
+  ];
+  networking = {
+    interfaces.enp5s0.useDHCP = lib.mkDefault true;
+    useDHCP = lib.mkDefault true;
+  };
+
+  networking.useNetworkd = true;
+  networking.wireguard.enable = true;
+
+  deployment-TLMS.net.iface.uplink = {
+    name = lib.mkDefault "enp5s0";
+    useDHCP = lib.mkDefault true;
+  };
+
+  boot.tmp.tmpfsSize = "25%";
+
+  boot.kernelModules = [ "kvm-intel" "r8168" ];
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ];
+  boot.initrd.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  # some whoopsie in kernel 6.1.x maybe?
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
+
+  swapDevices = [ ];
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+}

hosts/tetra-zw/configuration.nix

@@ -1,8 +1,8 @@
-{ self, pkgs, config, registry, ... }:
+{ self, lib, pkgs, config, registry, ... }:
 
 {
   imports = [
-    "${self}/hardware/dell-wyse-3040.nix"
+    "${self}/hardware/tetra-zw.nix"
   ];
 
   boot.tmp.useTmpfs = true;

secrets/tetra-zw/secrets.yaml

@@ -4,78 +4,87 @@ sops:
     gcp_kms: []
     azure_kv: []
     hc_vault: []
-    age: []
+    age:
+        - recipient: age1nknzqnqm2d7pxxjl4e4w50jk8t8xx947l2qgrjhpqjfd33ypjfusw7nszw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieG5JNzFZdFcvMWtWRjh6
+            bjkwbTVWNW5PaHRSNmx5VU1mSmUyTE9BYXo0CjZZb08vVlJtcEovUE1WQW5oTGRy
+            SDlyM3ZqZUY2d1IxWCs0MzRYSTRXSGsKLS0tIEw0YlplaGFrY0JtRGUyWXhDTllp
+            WUZVei9YWndsTG9UWUVGTS93NDN1R0EKQDKCEOfu77GxyAE81CvCifYXte9jvjcL
+            E6MNUQufOzZFyLXnuPypEUX9WVTg+7yB/4St7+uyV47xX1cI7xfVgQ==
+            -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-11-27T15:03:10Z"
     mac: ENC[AES256_GCM,data:OCLKBHUxUNBZFfOReLa/MRndLTOuFWMhG5f7IiXv/lPwgQbD9Rp97hnlbYmtHeheXO8vhZsiwUe7VO/UEN17G5s2sdRLdQpn/gT1XlvqN2cfZhJ9cPRJl6QQ40cYW0GNDlu8bSPY1WI2V+9nCxoDazJvrv8U4sjTa/jGNnX51pI=,iv:Rbrd9tvodC2ON08BMaJ6IvKPXrO07VcgtkOm3XgHXwE=,tag:GtTJtHoLlTBLfR3RV3UgCw==,type:str]
     pgp:
-        - created_at: "2023-11-27T15:02:48Z"
+        - created_at: "2024-02-02T21:38:45Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            wcFMA7zUOKwzpAE7AQ//eU1W4XI5YQH/5LniuIF/W0gBJv3jeKlh3QxEUgnBtBRR
+            wcFMA7zUOKwzpAE7AQ//VoPu79j3q87/eMLO5y8jNXFbDPgZiA6TRZcP5HQ23RzV
-            yrf7tzO+4M3qhjhP2JFuyYvipyZ7hM+RFP2hFjEDjBio/GD+PEJgFZn30W7zOkDc
+            QEdWuU9SKkB0HgLUbFn+e4nToJwHbXAiVp85M0zYnLNr6HnLmEJRB0yNtZW/q2aH
-            CwK2jRd2t7VnHmy2oQbYMWVtFZkMW6g0nVv+7QXmVlyw+unWV/spgLGI649gvHtK
+            JZOWW5IW2HrACKk9dtRozTrIPjO+xFRzHRZIWHpiz2unAppJywxgPS9sYwCEzyvo
-            y2QK1Np8YS11Mj6oaz7oJi5WXTRkZDwuIM8YBPNbynbFsRcyHvsVW4HqFXYd4cC7
+            rZHiTFbj4olpMxC1OlX9qbIZp9iOzLkfqdNCg35rYp9WvAGnd+xTO8Tl7ptgzCru
-            PccEwDIlO3nEsWVsBi5xhzANurzRv1LepBWq2ojaCuB7Mnp7G8SADJ45mbUkMswD
+            N12jfshMEMPpby1RJWZRuqDds4maTqfoGxnE73UKZlBy2aDOyWcQE4j0yZ1dRBLB
-            CkxO8VFxembH0x815giUC/S+vB3XV74TThP8t1jUkzWWeFroMY8hqscR42yzeIUS
+            u8tkD59uN1VaCJL8v0n6OKsoj2bP2VXmsAM/2+yu0/ClIMTtfYL50w0ppGaYqV1x
-            5XfaaYU5qqQQyMteiij1jriOxzDiNHQnKPPQPW2spmnQ6njPTmTCmNIC1H9OjF8h
+            B+ytxkwrlTtACCIIWF6HDFEoW7swafVNzAbKhf44UZZoritNvJgW+pDbFs2okRu6
-            StTKzKHILRYLO3Fn9INZrGI/ntPjKks8IjwPxcTjh6wqNsu6SgKWxXuxZUGvIbRj
+            1s8hbXC+/UkUNnO/80S524a+KZAxs1vtPDSwjczwGgCihym8fvF4zywj7DjHrTi4
-            73sQn5r9uI4E/HczGiO3RF/Jcp/btUDHVeWu/nzFseH3H05yJ5ABDllx2VnoHJKT
+            ipC/V5qAbmGuVPz8wuY/af72O4tRrpwalc6aeTuYNds26B30t7wahQ5fL7ezI8zx
-            +9ZCb11psqPX7m0DGWNgREtgybRMJxElm8Ke9QvS6rMXmltlrl5kFbfVngcj0kx5
+            aCA72gc8G5aLXl7PsWEoIIrEkJDoT4thhBqCIeyYS8zN+BhqA35EQKw6WzhP3e7K
-            zsowKHP119mCTuRfZv+YUPJD2tu1sJAq0H7anB6m6HKOEvYvRdNKk42aw414VZjS
+            CopaqNYnKT/A5juNkiYMhn1jHETCTiPFGj24k7IE83p2+zJgFhNgGeBgCGq8gIbS
-            UQEZol48PW3DqJjzlBX9bQH0ZL8v6BfFVk6zflTHyS3WLmrUmZHi3atBl6eMrc+A
+            UQGk1w+bQPAyTej2TCskzeJlzP2TcGS745NYDPFvaoqfjOwpWV6w1ImNIuaErtzt
-            vu8yXYvIwWaOxNUozmwbrNdYxWT4LPrCFI+9q52vqMaG3Q==
+            aLjPOzYKV+dHQfKtBbdcRUl6UWII5mjxLc0fy+sXRyUS5g==
-            =JfFt
+            =7AW5
             -----END PGP MESSAGE-----
           fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
-        - created_at: "2023-11-27T15:02:48Z"
+        - created_at: "2024-02-02T21:38:45Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            wcFMA/YLzOYaRIJJAQ//Tp/AENqZMJjyAyp5IzAgVATmoRpB7expbKSr0JCYfcio
+            wcFMA/YLzOYaRIJJAQ//bXXT68Yd7aXnSgjUvBeK1CCStZ8EcB7zR0+6RTC9ZfIC
-            aJepbsSzKyauYu53+brUYa7kj+VjduGiCaXr0DCewMpohZj54gBDDnj8/XNTjesL
+            hSAo2lRZcMQ8vPHOLKEetCL5V2nb1eZB0dIPWjeHBnH3vj/mWmgGdx6I5Cg7W6+h
-            R6BgSgCm14abvvs++yR7Q8aIxeua0V+i5jYLM5U/CICFRFhKVJvkHtEabNfyG7Hu
+            wlapkDL765hd3eQodxpPC9KYMVuhDrDVULdtotOlfmm6+SyqB1r3pQqHwS9Soc2y
-            FDCxdqOdm78uKvDW7NMrnu7ixfRsS5my+c+NFuWYFsda8xloM5iTPHMjx0S+7acB
+            dPDgE1Le/aGFy4bSt3e0m7ofqxMW+URdnFH3OnrZd35j+UU1gFw6aSXjrxVq3upk
-            F2LZCff5N6f0QvPtlrxj5nD5aQnMql93maSFsKYoKi/o6MMb75qtSYfWUeVl/fu0
+            QTbsa7gb07AiHit+ENI0jjXjYrG0m88SupCpXIa43Qg5xhHKiVFMLXdCmCsIS2LX
-            JFK+pcsJmqsHtrLSv1UniCfqe5MGN6AzS49QGgoTmYZLC2DyNNRbG+ISRs14KJAE
+            AbHVs/qYikcdJQvEDdjJwoqpmsb+DnGnFmNfTZqxJWOOfIK9q4keAQ4DVwJCgVyj
-            wJ3rfSQuVHKYN/2P+dmAi5w4aRea0pIrLYtQNqLYNBqH45IFVgSslDA7GL56epco
+            mXMBgND+lDKW3I1EIaGD/e5J7wv6kVqkHWRsbxrfSdBktoj7XZdyqjrWkShBY5GO
-            wI3Wc1uxQPWS7EODOBKPebA3u+Hxu49i/8bCYk5Pgkp8w6dTm5Ok2i4tc60pBwIA
+            BDS/XbolP3YL1IPMlSUSicMkl69145WvxNFRjFaywdgDcX1Ou/C0hgN2FzYeSbwP
-            Yjp9GPjfF+ld0vgG1NPz+fxx/TH9zzkhg/MvDgtJvYlpG/SnB8F6WxJ7oKZrk4I8
+            y4IkjNaYxkmL3NV7LO5SeoAM6Yct4Xh/7TCtCGqyInf94h0k8PgaEOSxPdUVtNWs
-            NuInneZjit2U2Dxk2BCYS2yUI0aitivzIS/41xuCCmCWDC3h/+6Tg/DaXElLH7Oo
+            3OpKGbZHYVCefaCV7Dx/FPKktqBxDHKLPRpSvDlY+CjtkV/nvhPsPfVOz6uhtK1i
-            sMY4hAXYaB8TxLakHJRs9/Rl2HCi+m9cTN3ygscmVT/aFMCScuO6MkUxIPc+ZBLS
+            7gVxs0XFpnE4AxXsV8DvC5+MJ18wLDpb8Rb21/zm27aVjcxu3K88NCB68G5gwXDS
-            UQFHogD3IiDvySf9Tc8kkBysIA7nUHNwUTr9Q/QKAUXnInxZANuYa5Uqapqn/W+w
+            UQH9nxw8cOMAPXbDxV/6sfLvWhpmxkzEa8qHoH0SY0NNWHfiTLDr+XkOBA/grq+f
-            GdfL2pry3DF1hz1oBEsc2z+l0hww9hzHscJ1jrE/GwVRXA==
+            knBojZ+Qr9y5JDN6fQHK7pQGcZweZkNFbPa40tRUVoG2BQ==
-            =jk+v
+            =ojT1
             -----END PGP MESSAGE-----
           fp: 91EBE87016391323642A6803B966009D57E69CC6
-        - created_at: "2023-11-27T15:02:48Z"
+        - created_at: "2024-02-02T21:38:45Z"
-          enc: |
+          enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQEMA1N/l9+zlMQzAQf/UbfrpOO9me+hJTy36IIJUoU90CKRJCf9IRfeFXVKok1F
+            hQEMA1N/l9+zlMQzAQf/Y05YUc9u+Svty1Li8YriUoTxKw/w1gp7tb1pZ4aQB0AP
-            4zIFtYkj1ioSVYkm2cJ64pVirIEVgTPeuitc3dATfHsu0Y08hHeCQMs9DiaYzXy2
+            QHSHvMlCmD3iNTXOU1QNxz/QVfnqKXjZkpyUqlErYSpMMcFYyo7N8mt0zBdeup3h
-            /VTau11c87ZBoDm9pLWij/MsCFwi3WGa1UALCunKEtPV3Ljp39+NRu8y3OyOZHjN
+            9y52CvNt6mDDLonq8ZGreOk3B8LyicsAflTp7AvjGW4PF7Fr/tziM2oQn/lZHAbO
-            ktHY0MEntjCzmD8BXx5bkOQ6pOFoKPFY92150Csl73Nnn232Vsaff4ZwStt2FONP
+            52Fe3Um69AzLVgzGor2LL2Nn1bb8a76q3EG6tOaFnNoyAi+JK/5+D5jV33ppfJgs
-            xcXjWdQKH24WigNG/gLa4MMT6grwGkuy08XTkr3cwPMPpekOboDdH+5GsDBkA8jU
+            SFoxgDxZs1Nrhyswa8Or6F+LWxukOkM1+65+CEAd6mwqQTswpwk7/NWLEG4R4Ep4
-            LCQ+bVAo/ChtqdD4OOGpxcECr2CuczWLYsyktJaIb9JeAd6KyTBugKmMEV9WxpKm
+            eUwdXHG/pEKgpJ6uwSlINtU69kaiGks15tdoRuZwUdJeAb56FOwm0tURogrLRp77
-            9l33mLVTpg77qFlKf0Y/axo0eIp7EQqxlpbiQuRZu2aM4s/a3uZ3OLnrVexvSQ1X
+            vZrAIKfRw/T8dg9srQJTHS7Ak/TYI+zHgpj7U2XwkQdS5sPSIsAeLYwP6D8TdMT4
-            5PLZyfkx+TO26/YRCkMxht1Uql08wzWMqZGDglpMTw==
+            aRDnn8Yf7ADq+SMZDxAZQNA7Yk8DwkytcZsel8KlmQ==
-            =jhUj
+            =3ygH
             -----END PGP MESSAGE-----
           fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
-        - created_at: "2023-11-27T15:02:48Z"
+        - created_at: "2024-02-02T21:38:45Z"
-          enc: |
+          enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQEMA1N/l9+zlMQzAQf/ZuCGHKsISv+rSeUfayaYBxCWYAIHbx5vVg0ydtq8tWar
+            hQEMA1N/l9+zlMQzAQgAkvldc6xEY3+Ns3+1zaDDhOqZwXV9uPeRZXyBO+U5nBt6
-            U6T0A3cergkfZfIX/trsWQqI/TVkc6UL8MDBnOZEYy0qd07tDL+OUlwX6UI7IO+K
+            pddEe06jX/atkBr6zwZls6rnCG/c1zeLWpC2FlMcL4W4VY0snsNY6vLI5FXhS2PD
-            bth8nkTnVthnjCUh4a6VSt4ZeeiYCKJb+ndLDr9Z6qwCRE5cJXDX7NUOJVC7fkOP
+            Med1ir2duYOo5LZqVVvzGsxGIRbkcni5F0Bq7mWCW2E1MWO9qIdHNTLlYjQq4BtR
-            ae/UvFrqppH8JVw/7LZKIu+w6mp7z736cs/o+AhHRuqGnCiNPqF0d7LF8qCpFX07
+            zRbp4UuwMBXNI78+vrSrV87mpCavAJ6Nde6I32iPcxJe0Juv1i7OG3AKyRYcWcmE
-            hwHCkl6CMc8MCoLQsa3mdzhaNpJWU/qkQ7h1S73W8g3wtv7Dpi9kTNhJ1lT+wZKp
+            exBQP7/DLSxTpDazlbYVgROrsCi4CSQ2WW2e3JDM7cb6WYL0zaAJUq75LFRSX+HL
-            MWBvrHJgHaaSVDCNJq7PLUqoxavL0ul9G0tVYrMLttJeAZ76OKiO1i3JCU1JymOT
+            WLRUXjbmdIt25eJaNB/0WnfbYstaTJXLxclp864q99JeAYBN0etvjxFGWiPCF3hM
-            sX3pVzE8MBlDcrpRDQJ4c7/LBPX6qAhnxvyZHawARUWNH2UtVA9ceCW11Jqk+Owg
+            ZjWxk+1EV+ORuP9GvnMRdNAQwBc1HUTWw9HZZN41YyceI8p66OsiMB4HP3Wi9mE3
-            W4FcSvBnXpb0LG0i4qozXvxfAwWm6Hu57Pbqm/YOGw==
+            MQKuWY3wA1alqbFWrB4ssvmug+nyQdqMpLzEDBYu9Q==
-            =/DPb
+            =K/Lc
             -----END PGP MESSAGE-----
           fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
     unencrypted_suffix: _unencrypted