From 0768504430fed1c717fb825972a1102656d10fb0 Mon Sep 17 00:00:00 2001
From: Nettika <nettika@leaf.ninja>
Date: Tue, 24 Feb 2026 16:35:58 -0800
Subject: [PATCH] Setup host

---
 Justfile          |  4 +++
 configuration.nix | 73 +++++++++++++++++++++++++++++++++++++++++++++++
 disks.nix         | 42 +++++++++++++++++++++++++++
 flake.lock        | 48 +++++++++++++++++++++++++++++++
 flake.nix         | 23 +++++++++++++++
 5 files changed, 190 insertions(+)
 create mode 100644 Justfile
 create mode 100644 configuration.nix
 create mode 100644 disks.nix
 create mode 100644 flake.lock
 create mode 100644 flake.nix

diff --git a/Justfile b/Justfile
new file mode 100644
index 0000000..737b94e
--- /dev/null
+++ b/Justfile
@@ -0,0 +1,4 @@
+host := "egregore"
+
+rebuild:
+    nixos-rebuild switch --flake .#{{host}} --target-host root@{{host}}
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..969c1c5
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,73 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disks.nix
+  ];
+
+  boot = {
+    initrd.availableKernelModules = [
+      "ata_piix"
+      "uhci_hcd"
+      "virtio_pci"
+      "virtio_scsi"
+      "sd_mod"
+    ];
+    kernelModules = [ "kvm-amd" ];
+    loader.grub = {
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+    };
+  };
+
+  networking = {
+    hostName = "egregore";
+    useDHCP = lib.mkDefault true;
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false;
+    };
+  };
+
+  environment.systemPackages = [
+    pkgs.git
+    pkgs.htop
+    pkgs.curl
+  ];
+
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCCOUFUeQW63bf0KFxQGs9KZRf8nV26ZCyNW8luvdEx root@marauder"
+      ];
+    };
+    nettika = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHopty1QG8P+OfGxQ9CV0BI1IRB/q6yITzMZaZ6Zspid nettika@marauder"
+      ];
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  nix.settings.trusted-users = [
+    "root"
+    "nettika"
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  system.stateVersion = "25.11";
+}
diff --git a/disks.nix b/disks.nix
new file mode 100644
index 0000000..89b6f68
--- /dev/null
+++ b/disks.nix
@@ -0,0 +1,42 @@
+{
+  lib,
+  ...
+}:
+
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..5fdfd98
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,48 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1771881364,
+        "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1771903837,
+        "narHash": "sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e764fc9a405871f1f6ca3d1394fb422e0a0c3951",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..e5cf736
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,23 @@
+{
+  description = "NixOS configuration for egregore";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs =
+    { nixpkgs, disko, ... }:
+    {
+      nixosConfigurations.egregore = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./configuration.nix
+        ];
+      };
+    };
+}