Initial fortress nix-ification

2025-08-02 22:45:51 -05:00 · 2025-08-02 22:45:51 -05:00 · 3ec7d7a09e
commit 3ec7d7a09e
parent 70590a77ca
2 changed files with 78 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -226,6 +226,31 @@
        specialArgs = { inherit inputs pkgs-unstable; };
      };

+      fortress = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          {
+            networking.hostName = "fortress";
+            system.stateVersion = "25.05";
+
+            home-manager.users."lauren_lagarde" = {
+              home.stateVersion = "25.05";
+              imports = self.homeManagerModules."lauren_lagarde";
+            };
+
+            time.timeZone = "America/Chicago";
+            sops.defaultSopsFile = ./secrets.yaml;
+          }
+
+          ./systems/fortress/configuration.nix
+
+          sops-nix.nixosModules.sops
+          lix-module.nixosModules.default
+          home-manager.nixosModules.home-manager
+        ];
+        specialArgs = { inherit inputs pkgs-unstable; };
+      };
+
      stronghold = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
--- a/systems/fortress/configuration.nix
+++ b/systems/fortress/configuration.nix
@ -0,0 +1,53 @@
+{ config, pkgs, inputs, ... }: {
+  imports = [
+    #"${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
+
+    # Core Features
+    ../../nixos/features/base.nix
+    ../../nixos/features/tui-apps.nix
+    ../../nixos/features/openssh-server.nix
+
+    # Core Tweaks
+    ../../nixos/tweaks/zram.nix
+    ../../nixos/tweaks/enable_flakes.nix
+
+    # Users
+    ../../users/lauren_lagarde/lauren_lagarde.nix
+
+    # Additional Software
+    ../../nixos/features/virtualization/dockge.nix
+    ../../nixos/features/virtualization/docker.nix
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
+  ];
+  
+  networking.useNetworkd = true;
+  networking.nameservers = [
+    "67.207.67.3"
+    "67.207.67.2"
+    "2001:4860:4860::8844"
+    "2001:4860:4860::8888"
+  ];
+
+  systemd.network = {
+    enable = true;
+    networks."30-ens3" = {
+      matchConfig.PermanentMACAddress = "c2:6c:55:d5:99:6a";
+      address = [
+        "68.183.54.8/20"
+        "10.17.0.6/16"
+        "2604:a880:800:10::d60:9001/64"
+      ];
+      routes = [
+        { Gateway = "68.183.48.1"; }
+      ];
+    };
+  };
+
+  swapDevices = [{
+    device = "/swap/swap0";
+    size = 2048;
+  }];
+}