feat: add vps host configurations

hosts/vps/modules/boot.nix

@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix" )];
+  boot.tmp.cleanOnBoot = true;
+  boot.loader.grub.device = "/dev/vda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+}

hosts/vps/modules/filesystem.nix

@@ -0,0 +1,4 @@
+{
+  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+  swapDevices = [ { device = "/dev/vda2"; } ];
+}

hosts/vps/modules/network.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  networking.hostName = "vps";
+  networking.domain = "";
+  networking.firewall.enable = true;
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+}

hosts/vps/modules/services/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./tailscale.nix
+    ./vaultwarden.nix
+    ./openssh.nix
+  ];
+}

hosts/vps/modules/services/openssh.nix

@@ -0,0 +1,3 @@
+{
+  services.openssh.enable = true;
+}

hosts/vps/modules/services/tailscale.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+  sops.secrets."tailscale/authkey" = { };
+
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets."tailscale/authkey".path;
+    useRoutingFeatures = "both";
+  };
+}

hosts/vps/modules/services/vaultwarden.nix

@@ -0,0 +1,9 @@
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+    };
+  };
+}

hosts/vps/modules/sops.nix

@@ -0,0 +1,8 @@
+{ rootPath, ... }:
+
+{
+  sops.defaultSopsFile = rootPath + /secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+
+  sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt";
+}

hosts/vps/modules/users.nix

@@ -0,0 +1,8 @@
+{
+  users.users.toast = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+  };
+  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+}