Added Cloud Hosts

README.md

@@ -86,19 +86,88 @@ nixos-rebuild switch --flake .#mow0m --build-host master@mow0m --target-host mas
     <td>SSH Config</td>
     <td><pre lang="bash">
 Host mow0m
-        HostName mow0m.lan
+  HostName mow0m.lan
-        User master
+  User master
-        Port 9553
+  Port 9553
-        IdentityFile ~/.ssh/master@mow0m
+  IdentityFile ~/.ssh/master@mow0m
 Host remoteunlock-mow0m
-        HostName mow0m.lan
+  HostName mow0m.lan
-        User root
+  User root
-        Port 2550
+  Port 2550
-        IdentityFile ~/.ssh/remoteunlock-mow0m</pre></td>
+  IdentityFile ~/.ssh/remoteunlock-mow0m</pre></td>
   </tr>
-
 </table>
 
+### senfnvp
+
+[Configuration](./systems/aarch64-linux/senfnvp)
+
+<table>
+  <tr>
+    <td>User</td>
+    <td>master@senfnvp</td>
+  </tr>
+  <tr>
+    <td>Cpu</td>
+    <td>dummy-virt (10)</td>
+  </tr>
+  <tr>
+    <td>Ram</td>
+    <td>16GB</td>
+  </tr>
+  <tr>
+    <td>Build</td>
+    <td><pre lang="bash">nixos-rebuild switch --flake .#senfnvp --target-host master@senfnvp --build-host master@senfnvp --use-remote-sudo</pre></td>
+  </tr>
+  <tr>
+    <td>SSH Config</td>
+    <td><pre lang="bash">
+Host senfnvp
+  Port 9553
+  User master
+  HostName senfnvp.kb-one.de
+  IdentityFile ~/.ssh/master@senfnvp
+Host remoteunlock-senfnvp
+  Port 7299
+  User root
+  HostName senfnvp.kb-one.de
+  IdentityFile ~/.ssh/root@remoteunlock-senfnvp</pre></td>
+  </tr>
+</table>
+
+### pkpnafs
+
+[Configuration](./systems/x68_64-linux/pkpnafs)
+
+<table>
+  <tr>
+    <td>User</td>
+    <td>master@pkpnafs</td>
+  </tr>
+  <tr>
+    <td>Cpu</td>
+    <td>AMD EPYC 7702P 64-Core (4) @ 2.00 GHz</td>
+  </tr>
+  <tr>
+    <td>Ram</td>
+    <td>16GB</td>
+  </tr>
+  <tr>
+    <td>Build</td>
+    <td><pre lang="bash">nixos-rebuild switch --flake .#pkpnafs --target-host master@pkpnafs --build-host master@pkpnafs --use-remote-sudo</pre></td>
+  </tr>
+  <tr>
+    <td>SSH Config</td>
+    <td><pre lang="bash">
+Host pkpnafs
+  Port 3422
+  User master
+  HostName pkpnafs.kb-one.de
+  IdentityFile /home/kb/.ssh/master@pkpnafs</pre></td>
+  </tr>
+</table>
+
+
 
 ## License
 

flake.nix

@@ -27,35 +27,27 @@
     nix.optimise.automatic = true;
     channels-config.allowUnfree = false;
 
-    # Configure Flake Utils Plus
-    supportedSystems = inputs.snowfall-lib.inputs.flake-utils-plus.lib.defaultSystems ++ ["i686-linux"];
-
     # Configure Snowfall Lib
     snowfall = {
-      meta.name = "kB01s System Configuration Flake";
+      meta.name = "Serverraum mit Matratze Infra Configuration";
-      meta.title = "kB01s System Configuration Flake";
+      meta.title = "Serverraum mit Matratze Infra Configuration";
-      namespace = "kb-one";
+      namespace = "internal";
     };
 
-    # Modules for Host HyperC
+    # Modules for Host mow0m
-    systems.hosts.HyperC.modules = with inputs; [
+    systems.hosts.mow0m.modules = with inputs; [
+      lix-module.nixosModules.default
+    ];
+    # Modules for Host senfnvp
+    systems.hosts.senfnvp.modules = with inputs; [
       lix-module.nixosModules.default
     ];
 
-    # Modules for Host kb-game-01
+    # Modules for Host pkpnafs
-    systems.hosts.kb-game-01.modules = with inputs; [
+    systems.hosts.pkpnafs.modules = with inputs; [
       lix-module.nixosModules.default
     ];
 
-    # Modules for Host LoyAdjo
-    systems.hosts.LoyAdjo.modules = with inputs; [
-      lix-module.nixosModules.default
-    ];
-
-    # Modules for Host Rubtrm
-    systems.hosts.Rubtrm.modules = with inputs; [
-      # lix-module.nixosModules.default
-    ];
 
     # Modules that get imported to every NixOS system
     systems.modules.nixos = with inputs; [
@@ -65,13 +57,5 @@
     outputs-builder = channels: { formatter = channels.nixpkgs.nixfmt-rfc-style; };
 
   };
-
-  # outputs = { self, nixpkgs, ... }@inputs: {
-  #   nixosConfigurations."Rubtrm" = nixpkgs.lib.nixosSystem {
-  #     system = "i686-linux";
-  #     modules = [ ./systems/i686-linux/Rubtrm/default.nix ];
-  #   };
-  # };
-
 }
 

modules/nixos/services/minecraft/README.md

@@ -0,0 +1,10 @@
+# Minecraft Server Configuration
+
+Details about the Minecraft Module.
+
+## Installation
+
+1. Rebuild switch configuration
+2. Create Database Structure 
+  1. New Database `sudo mysql -u root < /run/secrets/rendered/minecraft/database/database-init.sql`
+  2. Restore Backup `sudo mysql -u root < path/to/backup.sql`

modules/nixos/services/minecraft/database.nix

@@ -0,0 +1,27 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.services.minecraft;
+in
+{
+  config = lib.mkIf (cfg.enable && (cfg.servers.velocity.enable || cfg.servers.survival.enable)) {
+    services.mysql = {
+      package = pkgs.mariadb;
+      enable = true;
+      settings.mysqld.port = 3459;
+    };
+    sops.secrets."minecraft/database/luckperms_password" = { sopsFile = ./secrets.yaml; };
+    sops.templates."minecraft/database/database-init.sql".content = ''
+      CREATE DATABASE 'luckperms';
+      CREATE USER 'luckperms'@'localhost';
+      GRANT ALL PRIVILEGES ON luckperms.* TO 'luckperms'@'localhost' IDENTIFIED BY '${config.sops.placeholder."minecraft/database/luckperms_password"}';
+    '';
+    # services.mysqlBackup.databases = [ "luckperms" ]; # Add Luckperms Database to Backups
+  };
+}

modules/nixos/services/minecraft/default.nix

@@ -0,0 +1,49 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+  cfg = config.services.minecraft;
+in
+{
+  imports = [
+    inputs.nix-minecraft.nixosModules.minecraft-servers
+    ./vanilla-test.nix
+    ./survival.nix
+    ./velocity.nix
+    ./database.nix
+  ];
+
+  options.services.minecraft = {
+    enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = false;
+      description = "Enable kBs Minecraft Servers";
+    };
+    servers.vanilla.enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = false;
+      description = "test server";
+    };
+    servers.survival.enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = false;
+      description = "Survival Server";
+    };
+    servers.velocity.enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = false;
+      description = "Velocity Proxy Server";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+      "minecraft-server"
+    ];
+    services.minecraft-servers = {
+      enable = true;
+      eula = true;
+    };
+
+    
+  };
+}
+

modules/nixos/services/minecraft/secrets.yaml

@@ -0,0 +1,23 @@
+minecraft:
+    database:
+        luckperms_password: ENC[AES256_GCM,data:Gnt/SilH7q4t1NzCeaqCc6nxso9cWt7b/KXCxzrDdR1LAnmex3QL5Q==,iv:PrTkXcMPPyfJkAKxSKUkaPbYcH+9n6W7MPcTR5e4L8g=,tag:sxDdUHyN+fCIi4g0K+oQIw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScTUyNFBNdHFwd1pudWNK
+            Y2F2aXFLYmh4RURJLy9mMisxMU96VGRiU2hjCjdSZmxLRFF6OVpFNy9iQ0NLdytl
+            UHdSaUVtMnlWQ3d1ZnluNXVHOWdoalkKLS0tIDBxVGdaZWhTclJWZ3FwZHRHSTN1
+            RDhlN1JjWW1XZERLWExRSTlDN3ZjZkEKMiQaUezdBcWOH82Sk451PdB54SzYwcXY
+            YkjGp+bB7rIz07no68Xl4qmO+/iHKSFlPvG4jR/j4ZaNYiU9aeldLA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-17T14:22:01Z"
+    mac: ENC[AES256_GCM,data:BlLD3wEezCCA9t1X4xmy9lfT3ztsR3dknio78Si9v3UJmpJSOpwJ/VhU5RRbMzL1EyOrU1abEr6em83s6LRq87fwso1j6asOavELT5WOfl6f5CU2iK8nQGWZCFeR+09d9hVI+AAH9farpgTDd5sHfUFPCKEaGwuTenpeF4Tonak=,iv:JYoHMIPkT+Dv3GZlp1wt7wlU7IYL6erd/u0cuclB0Ow=,tag:XD8pd/GCrdLRvdEFBgowJA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2

modules/nixos/services/minecraft/survival.nix

@@ -0,0 +1,49 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.services.minecraft;
+in
+{
+  config = lib.mkIf (cfg.enable && cfg.servers.survival.enable) {
+    services.minecraft-servers.servers."survival" = {
+      enable = true;
+      autoStart = true;
+      enableReload = true;
+      package = pkgs.paperServers.paper-1_21_4;
+      serverProperties = {
+        online-mode = false;
+        server-ip = "127.0.0.1";
+        server-port = 49333;
+        difficulty = 3;
+        gamemode = 1;
+        max-players = 5;
+      };
+      openFirewall = false; # Should use Velocity Player Proxy
+
+      # Add Plugins
+      symlinks = {
+        "plugins/LuckPerms.jar" = pkgs.fetchurl {
+          url = "https://download.luckperms.net/1567/bukkit/loader/LuckPerms-Bukkit-5.4.150.jar"; 
+          sha512 = "39cr9nd68afrrvn80kvdgaml37xkj3mzhv50y3app5j1199hg12kls29r49x06p9rxm6dk7i0j8aww2hw4ahm18andb69a5kp97vf94"; 
+        };
+      };
+
+      # Configure Velocity Modern forwarding https://docs.papermc.io/velocity/player-information-forwarding#configuring-modern-forwarding-for-paper
+      files."spigot.yml".value = {
+        settings.bungeecord = false;
+      };
+      files."config/paper-global.yml".value = {
+        proxies.velocity.enabled = true;
+        proxies.velocity.online-mode = "online-mode";
+        forwarding.secret = ""; # TODO: Add Forewarding Secret using Sops
+      };
+    };
+  };
+}
+

modules/nixos/services/minecraft/vanilla-test.nix

@@ -0,0 +1,30 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.services.minecraft;
+in
+{
+  config = lib.mkIf (cfg.enable && cfg.servers.vanilla.enable) {
+    nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+      "minecraft-server"
+    ];
+
+    services.minecraft-servers.servers."vanilla-test" = {
+      enable = true;
+      autoStart = true;
+      enableReload = true;
+      package = pkgs.vanillaServers.vanilla;
+      whitelist = {
+        kB01guy = "1ff88b66-beda-4386-85b9-a00a5c27437a";
+      };
+      openFirewall = true;
+    };
+  };
+}
+

modules/nixos/services/minecraft/velocity.nix

@@ -0,0 +1,73 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.services.minecraft;
+in
+{
+  config = lib.mkIf (cfg.enable && cfg.servers.velocity.enable) {
+
+    # Configure Server 
+    services.minecraft-servers.servers."velocity" = {
+      enable = true;
+      autoStart = true;
+      enableReload = true;
+      stopCommand = "end";
+      package = pkgs.velocityServers.velocity;
+      symlinks = {
+        "plugins/LuckPerms.jar" = pkgs.fetchurl { 
+          url = "https://download.luckperms.net/1567/velocity/LuckPerms-Velocity-5.4.150.jar"; 
+          sha512 = "3dr69g2fbav3if44nmifgz7hn86gdf62hcks92kkvwxf4xa3z7x615j426kgljyhgy84hf75wzpai258mg7dj9x17vpkn634kkzwmw6";
+        };
+        "plugins/Geyser-Velocity.jar" = pkgs.fetchurl {
+          url = "https://download.geysermc.org/v2/projects/geyser/versions/2.6.0/builds/730/downloads/velocity";
+          sha512 = "3shnm8q8vq8j44xxg4qwqwalw6ml9nkzfrzvv8pkblkjp25nfk3h14b4y9vdim1sa2a18mkf8hmhb16g1mka2rh7l0z0yg4kh3lj2i0";
+        };
+        "plugins/floodgate-velocity.jar" = pkgs.fetchurl {
+          url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/114/downloads/velocity";
+          sha512 = "1k7qban3gar0fxxi5kp5i8d72k6ck65cvsfbg4nh8bz40jwqn35fx9gj3zbb06x5l8sg6qxl7w2nsn3jan4hjq7m5lwf2c1l1mjaw81";
+        };
+        "plugins/LibreLogin.jar" = pkgs.fetchurl {
+          url = "https://modrinth.com/plugin/libre-login/version/0.23.0";
+          sha512 = "1wrnp82vv47hhvjp1lxdndmngndykshi7iindnpg61j0v7i8bdgr9rk5qvanvw95gcj59cnhxdmjynq8fm127n4gv53acdidlxz39sd";
+        };
+      };
+      files = {
+        "velocity.toml".value = {
+          config-version = "2.7"; # NEVER change this!
+          bind = "0.0.0.0:25565";
+          online-mode = false;
+          player-info-forwarding-mode = "modern";
+          enable-player-address-logging = false;
+          # servers.lobby = "";
+          servers.survival = "127.0.0.1:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
+          servers.lobby = "127.0.0.1:123";
+          servers.try = [
+            #"lobby"
+            "survival"
+          ];
+          forced-hosts."lobby.example.com" = [ "lobby" ];
+          advanced.tcp-fast-open = true;
+        };
+      };
+    };
+    networking.firewall.allowedTCPPorts = [ 25565 ];
+
+    # Configure Plugin Luckperms
+    sops.templates."minecraft/velocity/plugin/luckperms/config.yml".path = "/srv/minecraft/velocity/plugins/luckperms/config.yml";
+    sops.templates."minecraft/velocity/plugin/luckperms/config.yml".owner = config.services.minecraft-servers.user;
+    sops.templates."minecraft/velocity/plugin/luckperms/config.yml".content = lib.generators.toYAML { } { # Unfortunately currently lib.generators.toYAML generates JSON, and the File will not be Human readable
+      storage-method = "mariadb";
+      data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}";
+      data.database = "luckperms";
+      data.username = "luckperms";
+      data.password = ''${config.sops.placeholder."minecraft/database/luckperms_password"}''; # Secret created in ./database.nix
+    };
+  };
+}
+

systems/aarch64-linux/senfnvp/default.nix

@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  # Configure Nix
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.trusted-users=[ "remotebuild" ];
+  nix.package = pkgs.lix;
+
+  # Networking
+  networking.hostName = "senfnvp"; 
+  networking.networkmanager.enable = true;
+  networking.nameservers = [
+    "1.1.1.1"
+  ];
+ 
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "de";
+  };
+
+  users.users.master = { # Managed by Homemanager
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJszrrdVHmMUdgOakyFNOIPV9BfopwflqivmK13Fmsab kb@Ohybke"
+    ];
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  users.users.remotebuild = {
+    isNormalUser = true;
+    createHome = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV9cwMXlbaBdg2gReSnLxH3EV5cyFoSi21f5fZhPfdC kb@Ohybke"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    wget
+    vim
+    tree
+    fastfetch
+  ];
+
+  # Default Editor
+  programs.vim.enable = true;
+  programs.vim.defaultEditor = true;
+
+  # SSH and Mosh
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    ports = [ 9553 ];
+    openFirewall = true;
+  };
+  programs.mosh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+
+  system.stateVersion = "24.11"; # NEVER CHANGE THIS !!!!
+
+}
+

systems/aarch64-linux/senfnvp/hardware.nix

@@ -0,0 +1,52 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  # System
+  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+
+  # Boot Loader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # SSH Remote Unlock
+  boot.kernelParams = [ "ip=dhcp" ];
+  boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+      enable = true;
+      port = 7299;
+      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
+      hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
+    };
+    postCommands = ''
+      echo 'cryptsetup-askpass' >> /root/.profile
+    '';
+  };
+
+  # Disks
+  boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
+    fsType = "ext4";
+  };
+  fileSystems."/boot" = { 
+    device = "/dev/disk/by-uuid/FEAA-61DA";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+
+  swapDevices = [ ];
+
+  # Networking
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+
+}

systems/x86_64-linux/pkpnafs/default.nix

@@ -0,0 +1,102 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  imports = [ # Include the results of the hardware scan.
+    ./hardware.nix
+  ];
+
+  # Configure Nix
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.trusted-users=[ "remotebuild" ];
+  nix.settings.trusted-public-keys = [
+    "cache.HyperC:90YNJ0eWsuBGVVP989lJh1rL8C0KM6IKbAtEUiu+FCU="
+  ];
+  nix.package = pkgs.lix;
+  nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.devices = [ "nodev" ];
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Define your hostname.
+  networking.hostName = "pkpnafs";
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Configure keymap in X11
+  services.xserver.xkb.layout = "us";
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.master = {
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKLbU0GpeqkYOsccsddQgZAppd5SFiokGAfjKr+dEEjY kb HyperC"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS3DoQe/4TtdTLD/Fl41rTjE0n5MyFMl59VGVejcskO kb voloxo"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpN/3esM0SFLJ2guCBOYX8IdBC+jUiMF+xPYkTEuzbe kb-work yerukall"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMN1LWMOfFtRKkSLIA/XTj3KYm7OG2bjqEmGXj0gmDc7 kb@LoyAdjo"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7W8FUUvM8rUGK6qV3XOIxR0y/pdyo9z5HZNzOADs5+ kb@Rubtrm"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILgfAxGyxjNOZyuUZIlwVCzj/mBM9uM7apNDzEJ3g+F+ kb@LANA9C"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKurR2GzSHyD3AM0Xn+YmwfGcLjBlQX1ZRh93S8YiQwn kb@Ohybke"
+    ];
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+      vim
+      sops
+    ];
+  };
+
+  users.users.remotebuild = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdxVb42GEb/rwrsQx/Wc2v2P+WIq8/WNlF+l31Rl/a Remotebuilds from HyperC"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/WONflZXVoZd8I4HdNMXNtoYELnCaxqdFY0QKDXXS9 Remotebuilds from Rubtrm"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqjdhtK0xeJcHwwCAia6I+WuZCkN9pUS21MNjJ2jOuc Remotebuilds from LANA9Z"
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    git
+    tree
+  ];
+
+  # Default Editor
+  programs.vim.enable = true;
+  programs.vim.defaultEditor = true;
+
+  # Sops Secrets Config
+  sops.defaultSopsFormat = "yaml";
+  sops.age.keyFile = "/home/master/.config/sops/age/keys.txt";
+
+  # SSH and Mosh
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    ports = [ 3422 ];
+    openFirewall = true;
+  };
+  programs.mosh.enable = true;
+
+  # Minecraft Servers
+  services.minecraft = {
+    enable = true;
+    servers.velocity.enable = true;
+    servers.survival.enable = true;
+  };
+
+  # Forgejo Runner
+  services.forgejo-runner.enable = true;
+
+  # Binary Cache 
+  services.binary-cache.enable = false; # No Binary-Cache, when there are Secrets in the /nix/store
+
+  # Do NOT change this value 
+  system.stateVersion = "24.05"; # Did you read the comment?
+}
+

systems/x86_64-linux/pkpnafs/hardware.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # Filesystems
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "ext4";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
+  swapDevices = [ ];
+
+  # Misc
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
+