From 8c4e9f6641ca1ddeacd8b6fa75b0934fdb3f0f03 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki
Date: Wed, 7 May 2025 16:41:42 +0200
Subject: [PATCH] feat(servers): add baldur, the immortal
---
 flake.nix | 20 +++++++++++
 hosts/baldur/configuration.nix | 27 +++++++++++++++
 hosts/baldur/disk-config.nix | 54 +++++++++++++++++++++++++++++
 hosts/nixos/configuration.nix | 3 ++
 modules/servers/baldur/default.nix | 1 +
 secrets/secrets.nix | 3 +-
 secrets/traefik.age | Bin 609 -> 719 bytes
 secrets/wg-desktop.age | Bin 785 -> 895 bytes
 secrets/wg-heimdall.age | Bin 986 -> 1096 bytes
 9 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 hosts/baldur/configuration.nix
 create mode 100644 hosts/baldur/disk-config.nix
 create mode 100644 modules/servers/baldur/default.nix
diff --git a/flake.nix b/flake.nix
index 94e40f8..8ef310a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,6 +105,15 @@
 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki;
 };
 };
+
+ baldur = {
+ hostname = "baldur";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.baldur;
+ };
+ };
 };
 nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
@@ -141,6 +150,17 @@
 ];
 };
+ baldur = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ ./hosts/baldur/configuration.nix
+ ./modules/servers/general
+ ./modules/servers/baldur
+ ];
+ };
+
 nixos = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs;};
 modules = [
diff --git a/hosts/baldur/configuration.nix b/hosts/baldur/configuration.nix
new file mode 100644
index 0000000..c89c1a3
--- /dev/null
+++ b/hosts/baldur/configuration.nix
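Review bot: In the first flake.nix hunk the new `baldur` deploy node sets `sshUser = "root"`, so the target must accept direct root SSH logins and possession of the deploy key alone gives full control of the host. Activation only needs `user = "root"`; a dedicated unprivileged account as `sshUser` that escalates through sudo would let root login stay disabled, provided `./modules/servers/general` (not visible here) defines such an account. The `loki` node just above presumably uses the same pattern, so this is probably best changed for all nodes together. If root login is kept on purpose, a comment such as `# root SSH is key-only and restricted to the deploy key` next to `sshUser` would record that decision.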
@@ -0,0 +1,27 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+
+ networking.hostName = "baldur";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/baldur/disk-config.nix b/hosts/baldur/disk-config.nix
new file mode 100644
index 0000000..8f36ed4
--- /dev/null
+++ b/hosts/baldur/disk-config.nix
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/nixos/configuration.nix b/hosts/nixos/configuration.nix
index 9aeaa29..f93b0c5 100644
--- a/hosts/nixos/configuration.nix
+++ b/hosts/nixos/configuration.nix
@@ -25,6 +25,9 @@
 # Enable flakes
 nix.settings.experimental-features = ["nix-command" "flakes"];
+ # Enable trusted users
+ nix.trustedUsers = ["root" "@wheel"];
+
 # Setup gpu
 hardware.graphics = {
 enable = true;
diff --git a/modules/servers/baldur/default.nix b/modules/servers/baldur/default.nix
new file mode 100644
index 0000000..6462967
--- /dev/null
+++ b/modules/servers/baldur/default.nix
@@ -0,0 +1 @@
+{...}: {}
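Review bot: In hosts/baldur/disk-config.nix the `root` partition is a plain `lvm_pv` with an ext4 volume on top, so nothing on this disk is encrypted at rest. The same commit registers this host's SSH key as an agenix recipient in secrets/secrets.nix, which means a copy of the disk image or a provider-side snapshot yields the host key and with it every secret encrypted to `baldur`. If the hosting provider or leaked backups are in the threat model, a `luks` layer under the `lvm_pv` (with a plan for unlocking at boot) would cover that; otherwise a comment stating that at-rest encryption was left out deliberately would help the next reader. `device = lib.mkDefault "/dev/sda"` is also worth pinning to a `/dev/disk/by-id/` path, because disko formats whichever disk enumerates under that name.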
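Review bot: The added `nix.trustedUsers = ["root" "@wheel"];` in hosts/nixos/configuration.nix makes every member of `wheel` a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to root access, since trusted users can add substituters and import store paths without signature checks. That sidesteps whatever password or policy sudo enforces for those accounts. If it was added for one workflow, name only the account that needs it, or keep `["root"]` and rely on signed store paths instead. The option also appears to be the legacy spelling; `nix.settings.trusted-users = ["root"];` would match the `nix.settings.experimental-features` line directly above, and the comment could say why the setting exists rather than `# Enable trusted users`. The enclosing module body starts and ends outside this hunk.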
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 16ceaf6..c7811ad 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,6 +2,7 @@ let
 # SYSTEMS
 heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8";
 loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
+ baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR";
 # USERS
 root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@@ -9,7 +10,7 @@ let
 users = [
 root
 ];
- systems = [heimdall loki];
+ systems = [heimdall loki baldur];
 in {
 "traefik.age".publicKeys = systems ++ users;
 "wg-heimdall.age".publicKeys = systems ++ users;
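Review bot: Adding `baldur` to `systems` in the second secrets.nix hunk makes the new host a recipient of every secret declared with `systems ++ users`, and the three re-encrypted files in this commit (traefik.age, wg-desktop.age, wg-heimdall.age) are consistent with that. modules/servers/baldur/default.nix is still an empty module, so baldur consumes none of these secrets, yet a compromise of baldur would now expose what look like the WireGuard keys of other machines and the traefik credentials. Scoping recipients per secret keeps the blast radius small, for example `"wg-heimdall.age".publicKeys = [heimdall] ++ users;`, with `baldur` added only to the entries it actually needs. The `in { … }` block continues past the end of the hunk, so further entries may need the same treatment.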
diff --git a/secrets/traefik.age b/secrets/traefik.age index adffe366b9e0f790fa434d951fb1fa86b23e5b8b..92a86c264a6f683bab578abc24392bf546f7fbb5 100644 GIT binary patch delta 667 zcmZ9_-AfYz008hlG;j|YXi6lp%6e$7+kI_!6vKVocH3^d59e)n8noTMKkl~OzJ1u6 zgas)R3nUbKDuq5M>>=_kE5yR0Kq`oe9{NDT3L~iZe*eJlUCYzf@xDfiLMR=W3kcS% z4EaqwMnb4UraUr4V~{rv7bI0Aq@btdU^T2-=LT|lo}dh_7+!KK5g16Qv5=KuGdN)^ zR`_5Q0)iyvBQ$!mR#g-FXaqu05Z4-Y2{y-S3;rbRMUZqtB`l6wR0bLmUKoUhL97gU zNdT(Lwk#ut!PG|L-yY zZ4X$qX^^)^ON6K3Rstc4i3?;}k!f4qr&LVEtcOn3(K2QU6@4nqYCI^AO)Icsz=gUZ za~@lqD-E|k z#GrW@vgF}fS*-+7E3C2*;`8%WcfvJb%Ev53BMXSbXIefjEw6Xf?%vahUDEBP_Rh6m&av_e{ot%HY+kkMmfkOnO@Ek@JBPQA z?!mD#c%hg3yyFTMnd7<1bMx4|O#^(N!LB#=!f&!$)=S0SYljmjl*Q4GS8YS<}KoZzv9J7^QRRX@N%SWwc37v<}JGYaq9Ik@cEfj n+lRK07f+h|Mv6V%mv{Fs8+LVlHE%W_{-AgEv`jGl!ojY8mR$CD delta 557 zcmV+|0@D4@1>ppcEPrfRb5dtXMP+1Ha79#eXJZ9#KTD@-+SQc-MHSz~E6aY;~bbb2s(b7MJSMG7rG zAaiqQEoEdfH8n9gAT}##QE*WpQ)pOIMs{XLIYMGfbwzM%XGUveWMO)EQFLlHK~`mO zIB`#ST5&T}G-NR}3T$C&IBPX9RbpgEO-eCKFl1$EK}S`0adC2Nb~G|iYi2Pqbwp$} zLv})0lV1TBe{o4-G;(-UIC3&`PfTlbbzwIzOldh-Ypz$Xn1sNH*Z5UR#HrBNm65DH%LlB3N0-yAZ<)n zb}(mcI8Hf1XLUnYZg_flNK->-Pcmw1HhC~(K`&BLe?&%lR5WQrK?+$s_#Fu`HFc9H z#dH0=Il*IMDAJAg@FXRfxmtBK8o-4^homPK8lUdm8LY{D_U-Bp+{R=(yO4+0WCYEA z95SOi{x^gAQiIE0k~wCYR83J#e*y&?WD?clH|LB$Jd^JD7#(FXioHUIF3vwNoJSoZ z)#_emTMP}|lBd8({oH)>!(KXPJbQVk<-Td^y;#CI;HqcBuLsH-p|)_mtB8=V?|NNv)w 
diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age index a1cadec6032d8015ccf5f40ee44682fda37bc644..5d2e451e335086ab1266d0de3e2910e454d212b6 100644 GIT binary patch delta 845 zcmV-T1G4;)2LA?-EPp~dL^VQIWHwD%X?ZtdOn6yXWKnBVD`-kZPjF9AMl)1ZN;Ypf zYIRsxV+wUgL1jc^aA<07SWS3ySwU=OF>p>qWlAt_Rak39YEwC4aWq#+T5UyAZwf6w zAaiqQEoEdfH8n9gAT}##QE*WpO)+?9HF6X=-y+aCSpSbTv3< zPEM@nloHfVWG zd16pyF;#6$M|yLS@fUwEM{!v;c4RYhS1U9}O>8l8Vl-oCZFq5IS5Ht_V=r2ISz0qk zacM_3MlcFYS}SftL^x?fSaEb&Z9#A|IY&7}Hf(Q2GD~zgS!h#OVR1?_a5FG*aB~VR zEiE8xM{;^Layd>jR7qG$FGomgSZhvsXF^M1ZEP|)T6j`4D@}i6OL}#8H%%}K)=-^3 zBeb3c8z=Q8;AFP-?b|{7M8r9Q0v$0OP*LvH3b;quW+iyV8a#gmIe)KLskKcH^&DN9M)!gz+s9eWh=%P|(XtO`Fg6;(?iJz zSgI&dn>|TiR8;a9^$5v4daOV#>l#VTEl$1WIJcshBJ(x!{Fxe?F`nlrLquK X6gzenOfU@`i)-Ij4hN51t<<$7y`f0a delta 735 zcmV<50wDeW29XAkEPr!mX=ZXqS~f;Dc{5luWH(k)Q&dD%HE>L8S~O!yYezz5OK(9j zMKEf2V+t!(ST$lWFm*Xea8YPZNJ%kdHD_-{NpX60XKpqzPeeyVVrW5jcWO#VZwf6w zAaiqQEoEdfH8n9gAT}##QE*WpM`TP%Y*0aBT3S+7O;Iy&Nk&I-Hd${mGkRh|Z9#TL zZ+2NWNHQ~3b2d|V3Q8||cWgmZbwfEwXLv_=PC;ciMN2O=aBetNQ)yL5O=&YLZaH}? zGeuKHlV1TBe@s+qL1A)cbyQ(NPjW^pHCk*#YFBDdVPjD-M|oFSXG&ITPjzf%Qb$NI z3UOF?IZ$agdO28gGiXaoQdDnLOF~LyNK0f{I801oPisVCS#)PuV_9oe3N0-yAYv<3 zWo2nub#Y{CYHdbIVOT*&b690DL}y5ES$1@JYE@}5e>P@kZ%9FTSqh~EJzhru4_Be? zUb3l|DQ(IhFP$(;=tR+91@Cc>Gz5AS)6lKQIA50N5DX`n1WMR50OvMAI5H(^fI{Z< zFm^$OC&&sa(M~NIyg^c$e?`}e{d*zF0NiMjQ#%capm3kj-DIL$g-nG+OFxt@5$60N z!0XgfP?MXic&azc9rPm4t4KILFxIJA_*9cF z&-jdZ+P;h6_DPn7qCt}KAlo;s(l{x61|5-of8dM>b$;7SUQ#7I4GHBqv(9uI^%PP@ z$7SJB?5yCoFv$g-)>wE|^`i;EF|fgisd*(>tS0W+wxA?=p`7#}=jK*HpN~gfbGezA zpq>Y>cvZW%h^wyKpel{^{7gf~81I3qZs9soD|bW~iA^>~#KE~mFCTDBPwf7F;mlDH R4Z|ZflW7UPX?rLucy3qLF4+J8 
diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age index 3af4512a715cff5202e0be90dcb283d6d8c58999..1d484474a0ff2f3ba40e7de33a77f4252103aac0 100644 GIT binary patch delta 1047 zcmV+y1nB$P2gnGJEPrizS5a(QMR817bwV_CbYxd=D|UHxNMmehWm;@9b5B`CO-^iS zMN3h7RSGw1XEuNVtQ6&MrKGjVt8p|c7J+vV`pYELsmy{Vl_rm zY;$pRSW0qO))cCVoqscV>wt$NJC|Cd2DWMc~WUoOHWQt zY&lkA3N1b$b8~1dWn?lnH8D9LY%fnlS3w|8S!OgZFj+`9c~4Y!HZp2YSZPCMMN(>O zVt9HrNJMowOf@)UR5&+BT1GGmY%z6KM_5ugG)8r1T2^#wL`gGZNO5*cc1%`8SVm-1 zFGE;OFmh3CXD>;S@fUwdaa2TRH#9kVQ8_bMSXDS#a%V7DX*E|^YDY3eLQPCsGH_OO zYfnW{R7nbFD`IO>GEHxASv4|WK}c6aS}}idcsX-)LTNY(vP%oF z{+|l6S!|lghYPtOl@!)}MSLB`F+T8F0^2J3{by8(#cwSC7dFJ`_>Em~oVoVd2dP8=CaqwbBOdF>iuD+$jC_DHJ~8 z*7wK;Afr=|#&~}T3Z3hCglGR1$>-xEXkuQi(L8Ap|DZs;cQx_TajbbbTcf`;Ycg>4 zsdxK;0Cnu50V}i#`zN-tCR!pYgg_CRh5rG4G#Aa%BJo;7n>deSF+@qO59O9I0zy2a z-V>=#$*d9krqT87?;$keE^AKDW$-L6Zz2p7vmdB-YFmF9RrctOO(6bPl@=7qG5H}h zHqws;>1u+DdY5OSga~0ig6E*snXyLC7@*xCNG_0X2N@2C_vv)75_+_9+q;BVOD~+V z0AF0B!k=haK0sg1oR0dX5iL>UL_dX_5BPL{>qFLQIQ2Q@RybF*qmUnIE(7H~Rw$j{ z@x;)^xyye;iSkI?@rRkSL}@W^2F%jz%v`2t*Ct_CEAJB`ON}=0e#8$<1j>;TU>CcvoQ_PYMpdTByfZE!0|dN+AgNJBF) z3O6`pR%J$PWK3)|Q$u<~dR100N@rzmW@}YNYGZUZS9mg5QAtoSLU%)F3N0-yAWlnC zR#>tje{VuBYEf@*GzyY6;=Y=~?r$@j zE}6cfS)TpK&t6nVP^eK_RGi0|+iah-n=Tz*yKs$6e9b6u-8{O$+ZSWAjw1r--eVdV zQTtMumQJ&I$vsn8AYS$rERtTu*+!jPMDb|D3DM~<-y-wy1?3m^uLy+BgjoW5HG=^uu zeCT+mKNPd=uwl))^*g?rogSXQqQG$K^URo@UZAuB84&J)j3wGZJ{%1|=AcQ zGoWKKN|}3jkwCA|>Zi|e)h-Wnu0|Mp6`lnQe|gE1$=j3{86*Xf@IxB*%>r@jigjrf z%LX^M`B(owMT%Jh2WOAOqRy5Wut%GR-^>~cOQt_CD$x{0Yl0a6{4qb2pBySrGbUvk zqn!)=f_Ac}7@@Y84xcVPx$X>2vhtDH)4S!^J3kTv@nCLJ1n3+6!6{UA!rvNIpWcjk ze;SnvVPZA$czO`kcvdxk?qzg5j$ZUzU_SbPKKFB#5tj0UsjwetcVS#Gp|20RBjzVY z<}d)9Bzh^sh)=XXnhbhTRW*fbT_MPZCZ@nLNQiCx4OKby>qH^0T)&vN>EI5C?&Mok zQn_VD65ICqE!fU~hRWoPs>-8sUHoGNSM)~c@PIoMw7?VlVn!+nbR)^q@M0e@&|$}s zB1!B@tF6W7KCph~O##-cu=?cqF6PZGc}kfR&_4!Dq35jhJ%zwlmNQtHhgZwpQr>O; L=c={TSW{S^13sCv