feat: icarus

flake.nix

@@ -177,6 +177,7 @@
         ds9 = nixosSystem "x86_64-linux" [ ./hosts/ds9/default.nix ];
         daedalusvm = nixosSystem "aarch64-linux" [ ./hosts/daedalusvm/default.nix ];
         octopi = nixosSystem "aarch64-linux" [ ./hosts/octopi/default.nix ];
+        icarus = nixosSystem "x86_64-linux" [ ./hosts/icarus/default.nix ];
       };
       darwinConfigurations = processConfigurations {
         daedalus = darwinSystem "aarch64-darwin" [ ./hosts/daedalus/default.nix ];

hosts/icarus/default.nix

@@ -0,0 +1,41 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, config, pkgs, lib, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  documentation.enable = false;
+  documentation.nixos.enable = false;
+  documentation.man.enable = false;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  security.polkit.enable = true; # needed for libvirtd
+  services.glusterfs.enable = true;
+  environment.systemPackages = [ pkgs.python3 ];
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu.swtpm.enable = true;
+
+  };
+
+
+  # Immutable users due to tmpfs
+  users.mutableUsers = false;
+
+
+  programs.mosh.enable = true;
+  ragon = {
+    services = {
+      ssh.enable = true;
+    };
+  };
+
+}

hosts/icarus/hardware-configuration.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/1687e097-8b1f-45bb-9b6c-1ccea8ba05e5";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/B52A-633F";
+      fsType = "vfat";
+    };
+  fileSystems."/gluster" =
+    {
+      device = "/dev/disk/by-uuid/09b6577c-af50-4fab-abe5-9d89fb85cad7";
+      fsType = "xfs";
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/e71527bd-1461-46cd-88aa-a168c429d44b"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  #networking.useDHCP = lib.mkDefault true;
+  networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos-modules/services/ssh.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.ragon.services.ssh;
+  pubkeys = import ../../data/pubkeys.nix;
 in
 {
   options.ragon.services.ssh.enable = lib.mkEnableOption "Enables sshd";
@@ -8,5 +9,6 @@ in
     services.openssh.permitRootLogin = "without-password";
     services.openssh.enable = true;
     services.openssh.passwordAuthentication = false;
+    users.users.root.openssh.authorizedKeys.keys = pubkeys.ragon.user;
   };
 }

nixos-modules/user/default.nix

@@ -56,7 +56,7 @@ in
       uid = uid;
       extraGroups = [ "wheel" ] ++ extraGroups;
       shell = pkgs.zsh;
-      openssh.authorizedKeys.keys = pubkeys.ragon.computers ++ extraAuthorizedKeys;
+      openssh.authorizedKeys.keys = pubkeys.ragon.user ++ extraAuthorizedKeys;
       passwordFile = config.age.secrets.ragonPasswd.path;
     };
     ragon.agenix.secrets.ragonPasswd = { };