From 6cb2c2bd00d5c891e8f9eee8cc2d6cc22b958dd4 Mon Sep 17 00:00:00 2001
From: soraefir
Date: Sun, 14 Apr 2024 21:22:22 +0200
Subject: [PATCH] Sandbox

---
 .gitignore | 1 +
 flake.nix | 5 +++++
 modules/shared/sops/default.nix | 2 +-
 modules/shared/sops/mock.yaml | 8 ++++++--
 modules/shared/syscfg/default.nix | 22 +++++++++++++++++-----
 systems/avalon/server/docker/cloud.nix | 2 +-
 systems/sandbox/cfg.nix | 26 ++++++++++++++++++++++++++
 systems/sandbox/default.nix | 2 ++
 systems/sandbox/hardware.nix | 14 ++++++++++++++
 9 files changed, 73 insertions(+), 9 deletions(-)
 create mode 100644 systems/sandbox/cfg.nix
 create mode 100644 systems/sandbox/default.nix
 create mode 100644 systems/sandbox/hardware.nix

diff --git a/.gitignore b/.gitignore
index 461ffdf..d1262cc 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 result
 age-key.txt
 .decrypted~common.yaml
+.decrypted*
diff --git a/flake.nix b/flake.nix
index 1be858d..ea6c64a 100755
--- a/flake.nix
+++ b/flake.nix
@@ -61,6 +61,11 @@
 system = "x86_64-linux";
 host = "ci";
 };
+ sandbox = gen.generate {
+ type = "nixos";
+ system = "x86_64-linux";
+ host = "sandbox";
+ };
 };
 darwinConfigurations = {
 asgard = gen.generate {
diff --git a/modules/shared/sops/default.nix b/modules/shared/sops/default.nix
index 97dbb72..28cc47d 100755
--- a/modules/shared/sops/default.nix
+++ b/modules/shared/sops/default.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
- isCI = builtins.elem config.syscfg.hostname [ "ci" ];
+ isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
 keyFilePath = (if isCI then ./mock-key.txt else "/var/lib/sops-nix/age-key.txt");
 sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
diff --git a/modules/shared/sops/mock.yaml b/modules/shared/sops/mock.yaml
index eefa999..6f94def 100644
--- a/modules/shared/sops/mock.yaml
+++ b/modules/shared/sops/mock.yaml
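Review bot: Adding "sandbox" to the `isCI` list routes that host to the age key committed as `./mock-key.txt` and to `./mock.yaml`, so every value the sandbox can decrypt must be treated as public, and nothing in the hunk records that constraint for the next person who extends the list. The name also no longer says what the flag means, so I would rename it in the three lines that use it, e.g. `useMockSecrets = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];`, and put a comment above it along the lines of `# Hosts decrypting with the repo-committed mock key; never list a host that needs real secrets.` The `let` block continues past the end of the hunk.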
@@ -2,6 +2,10 @@ ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHC
 ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
 ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
 ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
+sandbox_ssh_priv: ENC[AES256_GCM,data:OG5ZsSQFEbUKLXtHF9MAHWYwnxBM0EyVyj54sPs9XEsFaRXq3WDa+ANnpVqBLtw6cPodLQHyJ5tY/Hr1rdINNGyLPEz/Zm3K7vz6iXUeThAKDhYaCH4vccFFtQ==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:sO+SUMws8HncC9dmeiJPSg==,type:str]
+sandboxssh_pub: ENC[AES256_GCM,data:Va3S+ecfUAjdlazIvQiXZigUSdyzjveDvkLXTjI5by5T,iv:t1dZniBh5GV4kACTGgL4bmxiL0EymMRIHMYrASTWSWU=,tag:wl0yV0tNHT/JCUZ65ZB72g==,type:str]
+sandbox_wg_priv: ENC[AES256_GCM,data:8d+WCtyGoEH3/4q1DZImUw==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:+WNPB7b6tVTzDlSVziDO2w==,type:str]
+sandbox_wg_pub: ENC[AES256_GCM,data:rpxkijFKzyKx3uhEa/+j,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:OWHbfFPbTY6l3Bu/og78Bg==,type:str]
 PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
 wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
 sops:
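Review bot: The new key `sandboxssh_pub` is missing the underscore that every sibling has (`ci_ssh_pub`, `sandbox_ssh_priv`, `sandbox_wg_pub`), so any module that derives the secret name from the hostname the way the `ci_*` names suggest will fail to find it. Because sops binds each value's key path into the AES-GCM authenticated data, renaming the key by editing this line in place would leave a value that no longer decrypts; rename it through the sops editor so the value is re-encrypted and the `mac` in the second hunk is regenerated, and note that the file is the one every `isCI` host reads, so the fix needs to land before the sandbox is first built.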
@@ -19,8 +23,8 @@ sops:
 aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
 NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-04-14T08:36:43Z"
- mac: ENC[AES256_GCM,data:zWO5IETnr3clHvoNABNSA6izfTHNxPXEXcjh9FQhnSVKtzlY3UHHRhfSOPI2eGJ36TQ7xNEM8Fbe23WBTxI8TDb8ZCgB2njej1XQ72b8XM4JzevxlPEaolNo9SKXncVchNWTtKqeUhx07koRNogYKOKT8vlO57WmnrqoZqPy9N4=,iv:tjt9iNFnx/4TAQfF3wdVFw+qzU18cbEiJtu9NhyujZY=,tag:9M67OPo/3JEOlXJ4nBRMiQ==,type:str]
+ lastmodified: "2024-04-14T19:21:47Z"
+ mac: ENC[AES256_GCM,data:WeAH1RKpRSNQ/7oompyfKAqPPjyJnAdKec9kT9muaESDn28ecqeEZaC4EYSvA8dtr4+nfoGYPe3bB8JLrfPFa5uWLH/74zGpACxAN6JKwvGl2sFIds6rt02QWRjz285R3ZNCCzbzZQUACS3r/Ayz+4H+d+UxMD9b44Vx6i3HOqA=,iv:hSjgqneNasIZxIS+QRT4h9rgr6UDVBJ75arST5+jP0Y=,tag:Ce1HWkbqRfKKKcA/tQDBww==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/modules/shared/syscfg/default.nix b/modules/shared/syscfg/default.nix
index 207c58a..3f82b3a 100644
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -45,16 +45,28 @@ in with lib; {
 };
 net = {
 wlp = {
- enable = mkOption { type = types.bool; };
- nif = mkOption { type = types.str; };
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ nif = mkOption {
+ type = types.str;
+ default = "";
+ };
 };
 wg = {
 enable = mkOption {
 type = types.bool;
- default = true;
+ default = false;
+ };
+ ip4 = mkOption {
+ type = types.str;
+ default = "";
+ };
+ ip6 = mkOption {
+ type = types.str;
+ default = "";
 };
- ip4 = mkOption { type = types.str; };
- ip6 = mkOption { type = types.str; };
 };
 };
 users = mkOption {
diff --git a/systems/avalon/server/docker/cloud.nix b/systems/avalon/server/docker/cloud.nix
index 2e9e9c8..3270e93 100644
--- a/systems/avalon/server/docker/cloud.nix
+++ b/systems/avalon/server/docker/cloud.nix
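Review bot: Flipping the `wg.enable` default from `true` to `false` changes behaviour for every existing host that relied on the old default, not only the new sandbox, and nothing in the hunk shows those hosts being updated, so WireGuard would silently stop being configured on them. If the intent is just to let the sandbox omit the option, keep `default = true;` here and rely on the explicit `wg = { enable = false; };` the sandbox cfg already sets, or confirm that every existing system sets `net.wg.enable` itself. The `""` defaults for `nif`, `ip4` and `ip6` also turn what used to be an evaluation-time "option not defined" error into a silent empty string reaching whatever builds the interface or peer config; `type = types.nullOr types.str; default = null;` keeps a missing value distinguishable from a configured one. The enclosing option set begins before the hunk.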
@@ -69,7 +69,7 @@ in {
 RESOLVE_TO_PROXY_IP = "true";
 NETWORK_ACCESS = "internal";
 extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
- dictionaries = "en fr de jp no";
+ dictionaries = "en fr de jp";
 };
 labels = {
 "traefik.enable" = "true";
diff --git a/systems/sandbox/cfg.nix b/systems/sandbox/cfg.nix
new file mode 100644
index 0000000..01f7de1
--- /dev/null
+++ b/systems/sandbox/cfg.nix
@@ -0,0 +1,26 @@
+{
+ syscfg = {
+ hostname = "sandbox";
+ defaultUser = "sora";
+ users = [{
+ username = "sora";
+ git = {
+ email = "soraefir+git@helcel";
+ username = "soraefir";
+ key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
+ };
+ }];
+ make = {
+ gui = false;
+ cli = true;
+ virt = true;
+ power = false;
+ game = false;
+ develop = false;
+ };
+ net = {
+ wlp = { enable = false; };
+ wg = { enable = false; };
+ };
+ };
+}
diff --git a/systems/sandbox/default.nix b/systems/sandbox/default.nix
new file mode 100644
index 0000000..a9cdf05
--- /dev/null
+++ b/systems/sandbox/default.nix
@@ -0,0 +1,2 @@
+{ config, inputs, ... }: { imports = [ ./hardware.nix ]; }
+
diff --git a/systems/sandbox/hardware.nix b/systems/sandbox/hardware.nix
new file mode 100644
index 0000000..f21a799
--- /dev/null
+++ b/systems/sandbox/hardware.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }: {
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+
+ fileSystems."/" = {
+ device = "/dev/sda3";
+ fsType = "btrfs";
+ };
+}
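Review bot: `hardware.nix` uses `pkgs.linuxPackages_latest` and `lib.mkDefault`, but its module header only binds `{ modulesPath, ... }`, so evaluating the new sandbox configuration will stop with an undefined-variable error for `pkgs` before anything is built. The header should be `{ modulesPath, pkgs, lib, ... }: {`. Separately, the root filesystem and the GRUB target are addressed by device name (`/dev/sda3`, `/dev/sda`) rather than by UUID or label, so a change in how the guest enumerates its disks would leave it unbootable; `nixos-generate-config` emits `/dev/disk/by-uuid/<uuid-placeholder>` for `fileSystems."/".device` for exactly that reason.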