feat: initial commit

2026-04-08 20:53:49 +02:00 · 2026-04-08 20:53:49 +02:00 · a28c2b5563
commit a28c2b5563
19 changed files with 314 additions and 0 deletions
--- a/system/boot.nix
+++ b/system/boot.nix
@ -0,0 +1,5 @@
+{ ... }:
+{
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+}
--- a/system/default.nix
+++ b/system/default.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  imports = [
+    ./sops.nix
+    ./users.nix
+    ./network.nix
+    ./boot.nix
+  ];
+}
--- a/system/network.nix
+++ b/system/network.nix
@ -0,0 +1,5 @@
+{ ... }:
+{
+  networking.hostName = "tuserver";
+  networking.networkmanager.enable = true;
+}
--- a/system/sops.nix
+++ b/system/sops.nix
@ -0,0 +1,14 @@
+{ lib, ... }:
+
+let
+  secretData = import ../intermediate/secrets.nix;
+in
+{
+  sops = {
+    age.keyFile = "/var/lib/sops-nix/key.txt";
+    secrets = secretData.byName;
+  };
+
+  warnings = lib.optional (secretData.missing != [])
+    "Some SOPS source files are missing or not yet encrypted; no runtime secrets will be provisioned for: ${builtins.concatStringsSep ", " (map (item: builtins.concatStringsSep "_" item.path) secretData.missing)}";
+}
--- a/system/users.nix
+++ b/system/users.nix
@ -0,0 +1,10 @@
+{ ... }:
+{
+  users.mutableUsers = false;
+
+  users.users.nudelerde = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    hashedPassword = "$y$j9T$nWURcrCMWKPzj1xAydtNU/$qbOuwWcLSWQBiDTw8WJ2sRZYtP7qnGShQDA2USRC/C0";
+  };
+}