feat: frikandel

flake.nix

@@ -97,10 +97,15 @@
           };
 
           pie = {
-            hostname = "pie.local";
+            hostname = "pie.b12f.io";
             sshUser = "yule";
           };
 
+          frikandel = {
+            hostname = "frikandel.b12f.io";
+            sshUser = "root";
+          };
+
           maoam = {
             sshUser = "b12f";
           };

hosts/default.nix

@@ -64,6 +64,16 @@
         ];
       };
 
+      frikandel = self.nixos-flake.lib.mkLinuxSystem {
+        nixpkgs.hostPlatform = "x86_64-linux";
+        imports = [
+          self.nixosModules.base
+          ./frikandel
+          self.nixosModules.yule
+          self.nixosModules.docker
+        ];
+      };
+
       # maoam = self.nixos-flake.lib.mkLinuxSystem {
       #   nixpkgs.hostPlatform = "aarch64-linux";
       #   imports = [

hosts/frikandel/configuration.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.kernelParams = [
+    "boot.shell_on_fail=1"
+    "ip=128.140.109.213::172.31.1.1:255.255.255.255:frikandel-initrd.b12f.io::off"
+  ];
+  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+       enable = true;
+       port = 2222;
+       hostKeys = [ /boot/initrd-ssh-key ];
+       authorizedKeys = psCfg.user.publicKeys;
+       shell = "/bin/cryptsetup-askpass";
+    };
+  };
+
+  boot.supportedFilesystems = [ "zfs" ];
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

hosts/frikandel/default.nix

@@ -0,0 +1,8 @@
+{...}: {
+  imports = [
+    ./hardware-configuration.nix
+    ./configuration.nix
+
+    ./networking.nix
+  ];
+}

hosts/frikandel/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  boot.initrd.luks.devices = {
+    cryptroot = {
+      device = "/dev/disk/by-uuid/1bd62a2a-9e5b-4ad7-8b2f-13bdf59f010c";
+      bypassWorkqueues = true; # optimization for ssds
+    };
+  };
+
+  fileSystems."/" =
+    { device = "zroot/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/684A-5884";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/frikandel/networking.nix

@@ -0,0 +1,26 @@
+{
+  flake,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  networking.hostName = "frikandel";
+  networking.hostId = "44234773";
+  networking.nameservers = [ "9.9.9.9" ];
+
+  # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
+  networking.useDHCP = false;
+  networking.interfaces.enp1s0 = {
+    ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }];
+    ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }];
+  };
+  networking.defaultGateway = {
+    address = "172.31.1.1";
+    interface = "enp1s0";
+  };
+  networking.defaultGateway6 = {
+    address = "fe80::1";
+    interface = "enp1s0";
+  };
+}

users/b12f/home.nix

@@ -72,6 +72,19 @@ in {
           user = "webj4bsux_36qkrk";
           port = 2244;
         };
+
+        "pie.b12f.io" = {
+          user = "yule";
+        };
+
+        "frikandel-initrd.b12f.io" = {
+          user = "yule";
+          port = 2222;
+        };
+
+        "frikandel.b12f.io" = {
+          user = "yule";
+        };
       };
     };