diff --git a/README.md b/README.md
index 99c0748..3036ac6 100644
--- a/README.md
+++ b/README.md
@@ -86,19 +86,88 @@ nixos-rebuild switch --flake .#mow0m --build-host master@mow0m --target-host mas
SSH Config |
Host mow0m
- HostName mow0m.lan
- User master
- Port 9553
- IdentityFile ~/.ssh/master@mow0m
+ HostName mow0m.lan
+ User master
+ Port 9553
+ IdentityFile ~/.ssh/master@mow0m
Host remoteunlock-mow0m
- HostName mow0m.lan
- User root
- Port 2550
- IdentityFile ~/.ssh/remoteunlock-mow0m |
+ HostName mow0m.lan
+ User root
+ Port 2550
+ IdentityFile ~/.ssh/remoteunlock-mow0m
-
+### senfnvp
+
+[Configuration](./systems/aarch64-linux/senfnvp)
+
+
+
+ User |
+ master@senfnvp |
+
+
+ Cpu |
+ dummy-virt (10) |
+
+
+ Ram |
+ 16GB |
+
+
+ Build |
+ nixos-rebuild switch --flake .#senfnvp --target-host master@senfnvp --build-host master@senfnvp --use-remote-sudo |
+
+
+ SSH Config |
+
+Host senfnvp
+ Port 9553
+ User master
+ HostName senfnvp.kb-one.de
+ IdentityFile ~/.ssh/master@senfnvp
+Host remoteunlock-senfnvp
+ Port 7299
+ User root
+ HostName senfnvp.kb-one.de
+ IdentityFile ~/.ssh/root@remoteunlock-senfnvp |
+
+
+
+### pkpnafs
+
+[Configuration](./systems/x68_64-linux/pkpnafs)
+
+
+
+ User |
+ master@pkpnafs |
+
+
+ Cpu |
+ AMD EPYC 7702P 64-Core (4) @ 2.00 GHz |
+
+
+ Ram |
+ 16GB |
+
+
+ Build |
+ nixos-rebuild switch --flake .#pkpnafs --target-host master@pkpnafs --build-host master@pkpnafs --use-remote-sudo |
+
+
+ SSH Config |
+
+Host pkpnafs
+ Port 3422
+ User master
+ HostName pkpnafs.kb-one.de
+ IdentityFile /home/kb/.ssh/master@pkpnafs |
+
+
+
+
## License
diff --git a/flake.nix b/flake.nix
index 3d4c9c0..f821701 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,35 +27,27 @@
nix.optimise.automatic = true;
channels-config.allowUnfree = false;
- # Configure Flake Utils Plus
- supportedSystems = inputs.snowfall-lib.inputs.flake-utils-plus.lib.defaultSystems ++ ["i686-linux"];
-
# Configure Snowfall Lib
snowfall = {
- meta.name = "kB01s System Configuration Flake";
- meta.title = "kB01s System Configuration Flake";
- namespace = "kb-one";
+ meta.name = "Serverraum mit Matratze Infra Configuration";
+ meta.title = "Serverraum mit Matratze Infra Configuration";
+ namespace = "internal";
};
- # Modules for Host HyperC
- systems.hosts.HyperC.modules = with inputs; [
+ # Modules for Host mow0m
+ systems.hosts.mow0m.modules = with inputs; [
+ lix-module.nixosModules.default
+ ];
+ # Modules for Host senfnvp
+ systems.hosts.senfnvp.modules = with inputs; [
lix-module.nixosModules.default
];
- # Modules for Host kb-game-01
- systems.hosts.kb-game-01.modules = with inputs; [
+ # Modules for Host pkpnafs
+ systems.hosts.pkpnafs.modules = with inputs; [
lix-module.nixosModules.default
];
- # Modules for Host LoyAdjo
- systems.hosts.LoyAdjo.modules = with inputs; [
- lix-module.nixosModules.default
- ];
-
- # Modules for Host Rubtrm
- systems.hosts.Rubtrm.modules = with inputs; [
- # lix-module.nixosModules.default
- ];
# Modules that get imported to every NixOS system
systems.modules.nixos = with inputs; [
@@ -65,13 +57,5 @@
outputs-builder = channels: { formatter = channels.nixpkgs.nixfmt-rfc-style; };
};
-
- # outputs = { self, nixpkgs, ... }@inputs: {
- # nixosConfigurations."Rubtrm" = nixpkgs.lib.nixosSystem {
- # system = "i686-linux";
- # modules = [ ./systems/i686-linux/Rubtrm/default.nix ];
- # };
- # };
-
}
diff --git a/modules/nixos/services/minecraft/README.md b/modules/nixos/services/minecraft/README.md
new file mode 100644
index 0000000..ff3215a
--- /dev/null
+++ b/modules/nixos/services/minecraft/README.md
@@ -0,0 +1,10 @@
+# Minecraft Server Configuration
+
+Details about the Minecraft Module.
+
+## Installation
+
+1. Rebuild switch configuration
+2. Create Database Structure
+ 1. New Database `sudo mysql -u root < /run/secrets/rendered/minecraft/database/database-init.sql`
+ 2. Restore Backup `sudo mysql -u root < path/to/backup.sql`
diff --git a/modules/nixos/services/minecraft/database.nix b/modules/nixos/services/minecraft/database.nix
new file mode 100644
index 0000000..f530f8d
--- /dev/null
+++ b/modules/nixos/services/minecraft/database.nix
@@ -0,0 +1,27 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.services.minecraft;
+in
+{
+ config = lib.mkIf (cfg.enable && (cfg.servers.velocity.enable || cfg.servers.survival.enable)) {
+ services.mysql = {
+ package = pkgs.mariadb;
+ enable = true;
+ settings.mysqld.port = 3459;
+ };
+ sops.secrets."minecraft/database/luckperms_password" = { sopsFile = ./secrets.yaml; };
+ sops.templates."minecraft/database/database-init.sql".content = ''
+ CREATE DATABASE 'luckperms';
+ CREATE USER 'luckperms'@'localhost';
+ GRANT ALL PRIVILEGES ON luckperms.* TO 'luckperms'@'localhost' IDENTIFIED BY '${config.sops.placeholder."minecraft/database/luckperms_password"}';
+ '';
+ # services.mysqlBackup.databases = [ "luckperms" ]; # Add Luckperms Database to Backups
+ };
+}
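Review bot: The `database-init.sql` template creates the account without a password in `CREATE USER 'luckperms'@'localhost';` and only sets one in the following `GRANT ... IDENTIFIED BY`, so an error between the two statements leaves a passwordless local account behind. Setting the password at creation, `CREATE USER 'luckperms'@'localhost' IDENTIFIED BY '${config.sops.placeholder."minecraft/database/luckperms_password"}';`, and granting without `IDENTIFIED BY` closes that window. `CREATE DATABASE 'luckperms';` quotes the name as a string literal, which MariaDB should reject as a syntax error; an unquoted or backtick-quoted identifier is expected there. The placeholder is spliced into a single-quoted SQL string, so a password containing `'` or `\` would break the statement, and `GRANT ALL PRIVILEGES` is probably broader than the plugin account needs.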
diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix
new file mode 100644
index 0000000..25284c2
--- /dev/null
+++ b/modules/nixos/services/minecraft/default.nix
@@ -0,0 +1,49 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ cfg = config.services.minecraft;
+in
+{
+ imports = [
+ inputs.nix-minecraft.nixosModules.minecraft-servers
+ ./vanilla-test.nix
+ ./survival.nix
+ ./velocity.nix
+ ./database.nix
+ ];
+
+ options.services.minecraft = {
+ enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable kBs Minecraft Servers";
+ };
+ servers.vanilla.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "test server";
+ };
+ servers.survival.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Survival Server";
+ };
+ servers.velocity.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Velocity Proxy Server";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "minecraft-server"
+ ];
+ services.minecraft-servers = {
+ enable = true;
+ eula = true;
+ };
+
+
+ };
+}
+
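Review bot: The four `enable` options are spelled out as `lib.mkOption { type = with lib.types; uniq bool; default = false; ... }`, which is what `lib.mkEnableOption` already provides; `enable = lib.mkEnableOption "kBs Minecraft Servers";` is shorter and matches how other NixOS modules declare toggles. The descriptions `"test server"` and `"Survival Server"` would be more useful if they said what enabling each one exposes, for example that the vanilla test server opens its port in the firewall. `eula = true;` accepts the Minecraft EULA on every host that enables the module and deserves a one-line comment saying so.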
diff --git a/modules/nixos/services/minecraft/secrets.yaml b/modules/nixos/services/minecraft/secrets.yaml
new file mode 100644
index 0000000..30a3e9c
--- /dev/null
+++ b/modules/nixos/services/minecraft/secrets.yaml
@@ -0,0 +1,23 @@
+minecraft:
+ database:
+ luckperms_password: ENC[AES256_GCM,data:Gnt/SilH7q4t1NzCeaqCc6nxso9cWt7b/KXCxzrDdR1LAnmex3QL5Q==,iv:PrTkXcMPPyfJkAKxSKUkaPbYcH+9n6W7MPcTR5e4L8g=,tag:sxDdUHyN+fCIi4g0K+oQIw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScTUyNFBNdHFwd1pudWNK
+ Y2F2aXFLYmh4RURJLy9mMisxMU96VGRiU2hjCjdSZmxLRFF6OVpFNy9iQ0NLdytl
+ UHdSaUVtMnlWQ3d1ZnluNXVHOWdoalkKLS0tIDBxVGdaZWhTclJWZ3FwZHRHSTN1
+ RDhlN1JjWW1XZERLWExRSTlDN3ZjZkEKMiQaUezdBcWOH82Sk451PdB54SzYwcXY
+ YkjGp+bB7rIz07no68Xl4qmO+/iHKSFlPvG4jR/j4ZaNYiU9aeldLA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-01-17T14:22:01Z"
+ mac: ENC[AES256_GCM,data:BlLD3wEezCCA9t1X4xmy9lfT3ztsR3dknio78Si9v3UJmpJSOpwJ/VhU5RRbMzL1EyOrU1abEr6em83s6LRq87fwso1j6asOavELT5WOfl6f5CU2iK8nQGWZCFeR+09d9hVI+AAH9farpgTDd5sHfUFPCKEaGwuTenpeF4Tonak=,iv:JYoHMIPkT+Dv3GZlp1wt7wlU7IYL6erd/u0cuclB0Ow=,tag:XD8pd/GCrdLRvdEFBgowJA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.2
diff --git a/modules/nixos/services/minecraft/survival.nix b/modules/nixos/services/minecraft/survival.nix
new file mode 100644
index 0000000..f1e0879
--- /dev/null
+++ b/modules/nixos/services/minecraft/survival.nix
@@ -0,0 +1,49 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.services.minecraft;
+in
+{
+ config = lib.mkIf (cfg.enable && cfg.servers.survival.enable) {
+ services.minecraft-servers.servers."survival" = {
+ enable = true;
+ autoStart = true;
+ enableReload = true;
+ package = pkgs.paperServers.paper-1_21_4;
+ serverProperties = {
+ online-mode = false;
+ server-ip = "127.0.0.1";
+ server-port = 49333;
+ difficulty = 3;
+ gamemode = 1;
+ max-players = 5;
+ };
+ openFirewall = false; # Should use Velocity Player Proxy
+
+ # Add Plugins
+ symlinks = {
+ "plugins/LuckPerms.jar" = pkgs.fetchurl {
+ url = "https://download.luckperms.net/1567/bukkit/loader/LuckPerms-Bukkit-5.4.150.jar";
+ sha512 = "39cr9nd68afrrvn80kvdgaml37xkj3mzhv50y3app5j1199hg12kls29r49x06p9rxm6dk7i0j8aww2hw4ahm18andb69a5kp97vf94";
+ };
+ };
+
+ # Configure Velocity Modern forwarding https://docs.papermc.io/velocity/player-information-forwarding#configuring-modern-forwarding-for-paper
+ files."spigot.yml".value = {
+ settings.bungeecord = false;
+ };
+ files."config/paper-global.yml".value = {
+ proxies.velocity.enabled = true;
+ proxies.velocity.online-mode = "online-mode";
+ forwarding.secret = ""; # TODO: Add Forewarding Secret using Sops
+ };
+ };
+ };
+}
+
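Review bot: In `files."config/paper-global.yml".value` the forwarding secret is written to `forwarding.secret` and left as `""`, while the Paper documentation linked in the comment places it under `proxies.velocity` (`proxies.velocity.secret`), and `proxies.velocity.online-mode` is given the string `"online-mode"` where a boolean is expected. Because `serverProperties.online-mode = false`, that secret is the only thing that lets this backend tell the proxy apart from any other client that supplies forwarded player identities, so it should not ship empty or under a key Paper does not read. Binding to `127.0.0.1` with `openFirewall = false` limits the exposure to local processes, but I would still resolve the TODO before enabling the server and supply the value from sops rather than as a literal that lands in the Nix store. The value of `proxies.velocity.online-mode` should be a boolean matching the proxy's own setting.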
diff --git a/modules/nixos/services/minecraft/vanilla-test.nix b/modules/nixos/services/minecraft/vanilla-test.nix
new file mode 100644
index 0000000..4a2474e
--- /dev/null
+++ b/modules/nixos/services/minecraft/vanilla-test.nix
@@ -0,0 +1,30 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.services.minecraft;
+in
+{
+ config = lib.mkIf (cfg.enable && cfg.servers.vanilla.enable) {
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "minecraft-server"
+ ];
+
+ services.minecraft-servers.servers."vanilla-test" = {
+ enable = true;
+ autoStart = true;
+ enableReload = true;
+ package = pkgs.vanillaServers.vanilla;
+ whitelist = {
+ kB01guy = "1ff88b66-beda-4386-85b9-a00a5c27437a";
+ };
+ openFirewall = true;
+ };
+ };
+}
+
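Review bot: `openFirewall = true` exposes this test server while the only access control in the block is the `whitelist` attribute, and nothing here switches enforcement on. As far as I know the module only writes the whitelist file and the server ignores it unless `serverProperties.white-list = true;` is set, so I would add that line (and `serverProperties.enforce-whitelist = true;`) or confirm that a default elsewhere enables it. The `nixpkgs.config.allowUnfreePredicate` definition repeats the one in `default.nix` of the same module and can probably be dropped from this file.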
diff --git a/modules/nixos/services/minecraft/velocity.nix b/modules/nixos/services/minecraft/velocity.nix
new file mode 100644
index 0000000..3ab1b26
--- /dev/null
+++ b/modules/nixos/services/minecraft/velocity.nix
@@ -0,0 +1,73 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.services.minecraft;
+in
+{
+ config = lib.mkIf (cfg.enable && cfg.servers.velocity.enable) {
+
+ # Configure Server
+ services.minecraft-servers.servers."velocity" = {
+ enable = true;
+ autoStart = true;
+ enableReload = true;
+ stopCommand = "end";
+ package = pkgs.velocityServers.velocity;
+ symlinks = {
+ "plugins/LuckPerms.jar" = pkgs.fetchurl {
+ url = "https://download.luckperms.net/1567/velocity/LuckPerms-Velocity-5.4.150.jar";
+ sha512 = "3dr69g2fbav3if44nmifgz7hn86gdf62hcks92kkvwxf4xa3z7x615j426kgljyhgy84hf75wzpai258mg7dj9x17vpkn634kkzwmw6";
+ };
+ "plugins/Geyser-Velocity.jar" = pkgs.fetchurl {
+ url = "https://download.geysermc.org/v2/projects/geyser/versions/2.6.0/builds/730/downloads/velocity";
+ sha512 = "3shnm8q8vq8j44xxg4qwqwalw6ml9nkzfrzvv8pkblkjp25nfk3h14b4y9vdim1sa2a18mkf8hmhb16g1mka2rh7l0z0yg4kh3lj2i0";
+ };
+ "plugins/floodgate-velocity.jar" = pkgs.fetchurl {
+ url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/114/downloads/velocity";
+ sha512 = "1k7qban3gar0fxxi5kp5i8d72k6ck65cvsfbg4nh8bz40jwqn35fx9gj3zbb06x5l8sg6qxl7w2nsn3jan4hjq7m5lwf2c1l1mjaw81";
+ };
+ "plugins/LibreLogin.jar" = pkgs.fetchurl {
+ url = "https://modrinth.com/plugin/libre-login/version/0.23.0";
+ sha512 = "1wrnp82vv47hhvjp1lxdndmngndykshi7iindnpg61j0v7i8bdgr9rk5qvanvw95gcj59cnhxdmjynq8fm127n4gv53acdidlxz39sd";
+ };
+ };
+ files = {
+ "velocity.toml".value = {
+ config-version = "2.7"; # NEVER change this!
+ bind = "0.0.0.0:25565";
+ online-mode = false;
+ player-info-forwarding-mode = "modern";
+ enable-player-address-logging = false;
+ # servers.lobby = "";
+ servers.survival = "127.0.0.1:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
+ servers.lobby = "127.0.0.1:123";
+ servers.try = [
+ #"lobby"
+ "survival"
+ ];
+ forced-hosts."lobby.example.com" = [ "lobby" ];
+ advanced.tcp-fast-open = true;
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 25565 ];
+
+ # Configure Plugin Luckperms
+ sops.templates."minecraft/velocity/plugin/luckperms/config.yml".path = "/srv/minecraft/velocity/plugins/luckperms/config.yml";
+ sops.templates."minecraft/velocity/plugin/luckperms/config.yml".owner = config.services.minecraft-servers.user;
+ sops.templates."minecraft/velocity/plugin/luckperms/config.yml".content = lib.generators.toYAML { } { # Unfortunately currently lib.generators.toYAML generates JSON, and the File will not be Human readable
+ storage-method = "mariadb";
+ data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}";
+ data.database = "luckperms";
+ data.username = "luckperms";
+ data.password = ''${config.sops.placeholder."minecraft/database/luckperms_password"}''; # Secret created in ./database.nix
+ };
+ };
+}
+
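Review bot: The proxy binds `0.0.0.0:25565` with `online-mode = false`, so account authentication rests entirely on the LibreLogin plugin, and the `plugins/LibreLogin.jar` source `https://modrinth.com/plugin/libre-login/version/0.23.0` looks like a project web page rather than a file download. If that is the case, the pinned `sha512` covers an HTML document, the plugin will not load, and the proxy would accept whatever username a client claims, which LuckPerms would presumably then use for permission lookups. I would point `url` at the direct jar download, re-pin the hash, and keep `networking.firewall.allowedTCPPorts = [ 25565 ];` out until login enforcement has been confirmed on a running instance. `player-info-forwarding-mode = "modern"` also needs a forwarding secret on the proxy side, which this hunk does not configure.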
diff --git a/systems/aarch64-linux/senfnvp/default.nix b/systems/aarch64-linux/senfnvp/default.nix
new file mode 100644
index 0000000..d4beb4f
--- /dev/null
+++ b/systems/aarch64-linux/senfnvp/default.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ];
+
+ # Configure Nix
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.trusted-users=[ "remotebuild" ];
+ nix.package = pkgs.lix;
+
+ # Networking
+ networking.hostName = "senfnvp";
+ networking.networkmanager.enable = true;
+ networking.nameservers = [
+ "1.1.1.1"
+ ];
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ users.users.master = { # Managed by Homemanager
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJszrrdVHmMUdgOakyFNOIPV9BfopwflqivmK13Fmsab kb@Ohybke"
+ ];
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ users.users.remotebuild = {
+ isNormalUser = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV9cwMXlbaBdg2gReSnLxH3EV5cyFoSi21f5fZhPfdC kb@Ohybke"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ wget
+ vim
+ tree
+ fastfetch
+ ];
+
+ # Default Editor
+ programs.vim.enable = true;
+ programs.vim.defaultEditor = true;
+
+ # SSH and Mosh
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ ports = [ 9553 ];
+ openFirewall = true;
+ };
+ programs.mosh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "24.11"; # NEVER CHANGE THIS !!!!
+
+}
+
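Review bot: `nix.settings.trusted-users=[ "remotebuild" ];` gives the `remotebuild` account rights that the Nix manual describes as essentially equivalent to root, because a trusted user can override substituters and import store paths without a trusted signature. The account is reachable over SSH with its own key and is not in `wheel`, so this one line is what makes it privileged; if it only has to receive builds, signing the copied paths and leaving the user untrusted is the tighter setup. The same setting appears in `systems/x86_64-linux/pkpnafs/default.nix`, where three keys can log in as `remotebuild`. If it stays, a comment such as `# trusted-users is root-equivalent: treat the remotebuild keys like root keys` would record the decision.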
diff --git a/systems/aarch64-linux/senfnvp/hardware.nix b/systems/aarch64-linux/senfnvp/hardware.nix
new file mode 100644
index 0000000..1df4e24
--- /dev/null
+++ b/systems/aarch64-linux/senfnvp/hardware.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # System
+ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+
+ # Boot Loader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # SSH Remote Unlock
+ boot.kernelParams = [ "ip=dhcp" ];
+ boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 7299;
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
+ };
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
+
+ # Disks
+ boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/FEAA-61DA";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Networking
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+
+}
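Review bot: The remote-unlock block mixes two initrd mechanisms: `boot.initrd.systemd.users.root.shell` only applies to the systemd-based initrd, while `boot.initrd.network.postCommands` belongs to the scripted one, and `boot.initrd.systemd.enable` is not set in this hunk. Whichever initrd is in use, one of the two lines has no effect, so it is worth verifying that a login on port 7299 lands in `cryptsetup-askpass` and cannot fall through to a general root shell, then deleting the unused line. As far as I can tell the key at `/etc/secrets/initrd/ssh_host_rsa_key` is copied into the initrd on the unencrypted boot partition, so it should stay dedicated to the initrd and never be shared with the main sshd host key; a comment next to `hostKeys` saying so would help. `"sr_mod"` is listed twice in `boot.initrd.availableKernelModules`.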
diff --git a/systems/x86_64-linux/pkpnafs/default.nix b/systems/x86_64-linux/pkpnafs/default.nix
new file mode 100644
index 0000000..e1021a9
--- /dev/null
+++ b/systems/x86_64-linux/pkpnafs/default.nix
@@ -0,0 +1,102 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ imports = [ # Include the results of the hardware scan.
+ ./hardware.nix
+ ];
+
+ # Configure Nix
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.trusted-users=[ "remotebuild" ];
+ nix.settings.trusted-public-keys = [
+ "cache.HyperC:90YNJ0eWsuBGVVP989lJh1rL8C0KM6IKbAtEUiu+FCU="
+ ];
+ nix.package = pkgs.lix;
+ nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.devices = [ "nodev" ];
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Define your hostname.
+ networking.hostName = "pkpnafs";
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "us";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.master = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKLbU0GpeqkYOsccsddQgZAppd5SFiokGAfjKr+dEEjY kb HyperC"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS3DoQe/4TtdTLD/Fl41rTjE0n5MyFMl59VGVejcskO kb voloxo"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpN/3esM0SFLJ2guCBOYX8IdBC+jUiMF+xPYkTEuzbe kb-work yerukall"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMN1LWMOfFtRKkSLIA/XTj3KYm7OG2bjqEmGXj0gmDc7 kb@LoyAdjo"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7W8FUUvM8rUGK6qV3XOIxR0y/pdyo9z5HZNzOADs5+ kb@Rubtrm"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILgfAxGyxjNOZyuUZIlwVCzj/mBM9uM7apNDzEJ3g+F+ kb@LANA9C"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKurR2GzSHyD3AM0Xn+YmwfGcLjBlQX1ZRh93S8YiQwn kb@Ohybke"
+ ];
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ vim
+ sops
+ ];
+ };
+
+ users.users.remotebuild = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdxVb42GEb/rwrsQx/Wc2v2P+WIq8/WNlF+l31Rl/a Remotebuilds from HyperC"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/WONflZXVoZd8I4HdNMXNtoYELnCaxqdFY0QKDXXS9 Remotebuilds from Rubtrm"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqjdhtK0xeJcHwwCAia6I+WuZCkN9pUS21MNjJ2jOuc Remotebuilds from LANA9Z"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ tree
+ ];
+
+ # Default Editor
+ programs.vim.enable = true;
+ programs.vim.defaultEditor = true;
+
+ # Sops Secrets Config
+ sops.defaultSopsFormat = "yaml";
+ sops.age.keyFile = "/home/master/.config/sops/age/keys.txt";
+
+ # SSH and Mosh
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ ports = [ 3422 ];
+ openFirewall = true;
+ };
+ programs.mosh.enable = true;
+
+ # Minecraft Servers
+ services.minecraft = {
+ enable = true;
+ servers.velocity.enable = true;
+ servers.survival.enable = true;
+ };
+
+ # Forgejo Runner
+ services.forgejo-runner.enable = true;
+
+ # Binary Cache
+ services.binary-cache.enable = false; # No Binary-Cache, when there are Secrets in the /nix/store
+
+ # Do NOT change this value
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
+
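Review bot: `sops.age.keyFile = "/home/master/.config/sops/age/keys.txt";` makes the host's secret decryption depend on a private key stored in an interactive user's home directory. `users.users.master.openssh.authorizedKeys.keys` accepts seven client keys, so each of those machines reaches the file that unlocks every sops secret on this host without needing sudo. A root-owned path outside `/home` with mode 0600, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or deriving the identity from the SSH host key with `sops.age.sshKeyPaths`, separates the machine identity from the operator account. The stock comment "Don't forget to set a password with passwd" could also say how `master` is expected to authenticate for sudo, since no password is declared here.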
diff --git a/systems/x86_64-linux/pkpnafs/hardware.nix b/systems/x86_64-linux/pkpnafs/hardware.nix
new file mode 100644
index 0000000..a21a766
--- /dev/null
+++ b/systems/x86_64-linux/pkpnafs/hardware.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Filesystems
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/NIXBOOT";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ swapDevices = [ ];
+
+ # Misc
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
+
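Review bot: `/boot` is mounted with `fmask=0022` and `dmask=0022`, which leaves the kernel, initrd and bootloader files readable by every local user, whereas `systems/aarch64-linux/senfnvp/hardware.nix` in this commit uses `0077`. Nothing in this hunk shows secrets on that partition, but the host runs network-facing services under their own accounts, so I would use `options = [ "fmask=0077" "dmask=0077" ];` here as well for consistency.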