initial commit

hosts/vde/boot.nix

@@ -0,0 +1,7 @@
+{
+  boot.loader.systemd-boot = {
+    enable = true;
+    configurationLimit = 10;
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+}

hosts/vde/default.nix

@@ -0,0 +1,31 @@
+{
+  inputs,
+  outputs,
+  ...
+}:
+
+{
+  imports = [
+    ./boot.nix
+    ./hardware.nix
+    ./networking.nix
+    ./packages.nix
+    ./secrets
+    ./services
+    # ./virtualisation.nix
+
+    ../../users/sid
+
+    inputs.synix.nixosModules.common
+    inputs.synix.nixosModules.device.server
+
+    outputs.nixosModules.common
+    outputs.nixosModules.deploy
+    outputs.nixosModules.xfce
+  ];
+
+  networking.hostName = "vde";
+  networking.domain = "vde.lan";
+
+  system.stateVersion = "25.11";
+}

hosts/vde/disks.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+SSD='/dev/disk/by-id/wwn-0x500a0751e280a38c'
+MNT='/mnt'
+SWAP_GB=16
+
+# Helper function to wait for devices
+wait_for_device() {
+  local device=$1
+  echo "Waiting for device: $device ..."
+  while [[ ! -e $device ]]; do
+    sleep 1
+  done
+  echo "Device $device is ready."
+}
+
+# Function to install a package if it's not already installed
+install_if_missing() {
+  local cmd="$1"
+  local package="$2"
+  if ! command -v "$cmd" &> /dev/null; then
+    echo "$cmd not found, installing $package..."
+    nix-env -iA "nixos.$package"
+  fi
+}
+
+install_if_missing "sgdisk" "gptfdisk"
+install_if_missing "partprobe" "parted"
+
+wait_for_device $SSD
+
+echo "Wiping filesystem on $SSD..."
+wipefs -a $SSD
+
+echo "Clearing partition table on $SSD..."
+sgdisk --zap-all $SSD
+
+echo "Partitioning $SSD..."
+sgdisk -n1:1M:+1G         -t1:EF00 -c1:BOOT $SSD
+sgdisk -n2:0:+"$SWAP_GB"G -t2:8200 -c2:SWAP $SSD
+sgdisk -n3:0:0            -t3:8304 -c3:ROOT $SSD
+partprobe -s $SSD
+udevadm settle
+
+wait_for_device ${SSD}-part1
+wait_for_device ${SSD}-part2
+wait_for_device ${SSD}-part3
+
+echo "Formatting partitions..."
+mkfs.vfat -F 32 -n BOOT "${SSD}-part1"
+mkswap -L SWAP "${SSD}-part2"
+mkfs.ext4 -L ROOT "${SSD}-part3"
+
+echo "Mounting partitions..."
+mount -o X-mount.mkdir "${SSD}-part3" "$MNT"
+mkdir -p "$MNT/boot"
+mount -t vfat -o fmask=0077,dmask=0077,iocharset=iso8859-1 "${SSD}-part1" "$MNT/boot"
+
+echo "Enabling swap..."
+swapon "${SSD}-part2"
+
+echo "Partitioning and setup complete:"
+lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
+

hosts/vde/hardware.nix

@@ -0,0 +1,76 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/ROOT";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/BOOT";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-label/SWAP"; }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  # vesa
+  # boot.kernelParams = [ "nomodeset" ];
+  # services.xserver.videoDrivers = [ "vesa" ];
+
+  # fbdev
+  boot.kernelParams = [ "nomodeset" ];
+  services.xserver.videoDrivers = [ "fbdev" ];
+
+  # nouveau
+  # hardware.graphics.enable = true;
+  # services.xserver.videoDrivers = [ "nouveau" ];
+
+  # modesetting
+  # services.xserver.videoDrivers = [ "modesetting" ];
+  # boot.kernelParams = [
+  #   "video=1280x1024"
+  #   "nouveau.modeset=1"
+  #   "nouveau.noaccel=1"
+  #   "nouveau.config=NvBios=0"
+  # ];
+
+  # proprietary drivers
+  # hardware.graphics.enable = true;
+  # services.xserver.videoDrivers = [ "nvidia" ];
+  # hardware.nvidia.open = false;
+  # hardware.nvidia.package = config.boot.kernelPackages.nvidia_x11_legacy340;
+  # nixpkgs.config.allowBroken = true;
+  # nixpkgs.config.allowUnfree = true;
+  # nixpkgs.config.nvidia.acceptLicense = true;
+}

hosts/vde/networking.nix

@@ -0,0 +1,26 @@
+{
+  networking.networkmanager.ensureProfiles.profiles = {
+    enp34s0-profile = {
+      connection = {
+        id = "enp34s0";
+        type = "ethernet";
+        interface-name = "enp34s0";
+      };
+      ipv4 = {
+        method = "auto";
+        route-metric = 50;
+      };
+    };
+    enp36s0-profile = {
+      connection = {
+        id = "enp36s0";
+        type = "ethernet";
+        interface-name = "enp36s0";
+      };
+      ipv4 = {
+        method = "auto";
+        route-metric = 200;
+      };
+    };
+  };
+}

hosts/vde/packages.nix

@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [ ];
+}

hosts/vde/secrets/default.nix

@@ -0,0 +1,8 @@
+{ inputs, ... }:
+
+{
+  imports = [ inputs.synix.nixosModules.sops ];
+
+  # sops.secrets."github-runners/vde" = { };
+  # sops.secrets."mailserver/accounts/sid" = { };
+}

hosts/vde/secrets/secrets.yaml

@@ -0,0 +1,26 @@
+tailscale:
+    auth-key: ENC[AES256_GCM,data:Fz1XGaQXERn+3EymtWyq9oYqoX0KrcPJelda+addeX+vhqEAxRe5jRdzK8W6329b,iv:HNlz5f7dscDXsPoKZjSiIl2NZOouEJZyzU3kaiX1NUw=,tag:DdIxWKeZ9kfHUkh0/l1sEw==,type:str]
+sops:
+    age:
+        - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNVVVL29xeUQ0WDREREoy
+            dy83M1ZaYTM4NFlKZUVoVFlrNUEzQmRXMFJjClB2YkZKMUMxWGR4bnRBRzVFSHNG
+            Z2srYmRDcHhucUFlUVUxN0FGalM3RUEKLS0tIG5HMG5jWFZJcXc4cXB4cThVcmZI
+            ejVJanRtODh1a1RUQm00OGpoenNqeVUKAuvbRbO9w5KhcNAph+IuSTWxWCu9tF6u
+            QAVWMoHsMc43FQi72isjL23+nroiNKgxlS9VjSS04K2qvBGl296rtA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1mc07jayz4dpwenh06fzlcgfzk5t7ln0z3n65emwlm5r7nq59m4jstd7y8u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQUpaTjRjSU0yaDZSRVBG
+            SWY1aFIvYzlYbkg1bGpWYXRock1nTHBMRHh3CkVqNlg5aU5rZk1ySmZSbmJEZ3JG
+            UVhrb1BITkxodmxPU1ZtK2lHcjFSRUUKLS0tIDc1QlMwZlZyNmVJbjNXekYzSkpJ
+            RjlIQWVIcTY0aUlhelorMDRycVZnOEkK69ZCxeh8IL2LcsjgkBgbIbC6XnDJ8zwd
+            yCuPYXkYOxeitToIbhHQS4TbgF61/tJqIixqoIe3vG+o112UspGkoQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-12T20:15:19Z"
+    mac: ENC[AES256_GCM,data:sDbfLjm6ZqkVUMNbB6ikMSlMiXd9Ukf2K8HdAF66JwPB+KQI/rqIRKiSaOEKJ8p1AvpEr86ENlCEZNeslQJAdlqbGy6+VOcbSAz2bfhhXfThaAEgYT9CmXAsJL8lWMI5N2Ti0kiepjk+nMG1bbFyPecHm4AqadMRC/RHprAK4fc=,iv:2UPmmBNATuXvk+LbF9Lwi7Cgi0OFMHr96ONG6bpBDpY=,tag:i5If1ui4XHeuE7BjUEHUCA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0

hosts/vde/services/default.nix

@@ -0,0 +1,15 @@
+{
+  inputs,
+  outputs,
+  ...
+}:
+
+{
+  imports = [
+    inputs.synix.nixosModules.openssh
+
+    outputs.nixosModules.tailscale
+
+    # ./monero.nix
+  ];
+}

hosts/vde/services/monero.nix

@@ -0,0 +1,19 @@
+{ outputs, ... }:
+
+{
+  imports = [
+    outputs.nixosModules.monero
+  ];
+
+  services = {
+    monero = {
+      enable = true;
+      mining.address = "";
+    };
+    xmrig.settings = {
+      cpu = {
+        max-threads-hint = 4;
+      };
+    };
+  };
+}

hosts/vde/virtualisation.nix

@@ -0,0 +1,5 @@
+{ inputs, ... }:
+
+{
+  imports = [ inputs.synix.nixosModules.virtualisation ];
+}