Add comet

linux/comet/configuration.nix

@@ -0,0 +1,40 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ pkgs, ... }:
+
+{
+
+  # Configure boot loader
+  boot.loader = {
+    grub = let yorha = pkgs.yorha-grub-theme; in {
+      enable = true;
+      device = "nodev";
+      splashImage = "${yorha}/background.png";
+      theme = yorha;
+    };
+    timeout = 3;
+  };
+
+  # Change secrets file
+  constants.sopsFile = ../../common/auths.yaml;
+
+  # Disable sudo password
+  security.sudo.wheelNeedsPassword = false;
+
+  # Set time zone.
+  time.timeZone = "Asia/Shanghai";
+
+  # Enable zram
+  zramSwap.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}

linux/comet/default.nix

@@ -0,0 +1,14 @@
+{ inputs, ... }:
+
+{
+  imports = with inputs; [
+    disko.nixosModules.disko
+    hardware.nixosModules.common-cpu-intel
+  ] ++ [
+    ./configuration.nix
+    ./hardware-configuration.nix
+    ./network.nix
+    ./tailscale.nix
+    ../../common
+  ];
+}

linux/comet/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sdhci_acpi" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9f65c4b3-1c87-42a0-8c1d-f3c1ff2e71b1";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1C5A-E5B5";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

linux/comet/network.nix

@@ -0,0 +1,27 @@
+{ config, ... }:
+
+let hn = config.networking.hostName; in {
+  networking = {
+    domain = config.constants.domain;
+    firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+    hostId = "3ddd2ad2";
+    nftables.enable = true;
+  };
+
+  services = {
+    openssh = {
+      enable = true;
+      hostKeys = [{
+        comment = "host@${hn}";
+        path = "/etc/ssh/host";
+        rounds = 100;
+        type = "ed25519";
+      }];
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+      };
+    };
+    resolved.enable = true;
+  };
+}

linux/comet/tailscale.nix

@@ -0,0 +1,7 @@
+{ ... }: {
+  services.tailscale = {
+    enable = true;
+    port = 12765;
+    useRoutingFeatures = "both";
+  };
+}