Add state version to apollo and cluster

Remove home-manager ssh config for now due to bad default permissions

.sops.yaml

@@ -5,6 +5,8 @@ keys:
     - &personal:
       - &cap_slim7    age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
       - &cap_nr200p   age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
+    - &apollo:
+      - &cap_apollo_n01 age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
     - &cluster:
       - &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
       - &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
@@ -16,12 +18,19 @@ keys:
       - &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
       - &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
 creation_rules:
+  - path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+          - *caperren
+          - *cap_slim7
+          - *cap_nr200p
   - path_regex: secrets/default.yaml$
     key_groups:
       - age:
           - *caperren
           - *cap_slim7
           - *cap_nr200p
+          - *cap_apollo_n01
           - *cap_clust_01
           - *cap_clust_02
           - *cap_clust_03

flake.nix

@@ -28,6 +28,7 @@
     {
       nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-01/configuration.nix
           sops-nix.nixosModules.sops
@@ -36,6 +37,7 @@
       };
       nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-02/configuration.nix
           sops-nix.nixosModules.sops
@@ -44,6 +46,7 @@
       };
       nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-03/configuration.nix
           sops-nix.nixosModules.sops
@@ -52,6 +55,7 @@
       };
       nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-04/configuration.nix
           sops-nix.nixosModules.sops
@@ -60,6 +64,7 @@
       };
       nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-05/configuration.nix
           sops-nix.nixosModules.sops
@@ -68,6 +73,7 @@
       };
       nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-06/configuration.nix
           sops-nix.nixosModules.sops
@@ -76,6 +82,7 @@
       };
       nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-07/configuration.nix
           sops-nix.nixosModules.sops
@@ -84,6 +91,7 @@
       };
       nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-08/configuration.nix
           sops-nix.nixosModules.sops
@@ -92,6 +100,7 @@
       };
       nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-clust-09/configuration.nix
           sops-nix.nixosModules.sops
@@ -99,11 +108,19 @@
         ];
       };
 
+      nixosConfigurations.cap-apollo-n01 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-apollo-n01/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+
       nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        specialArgs = {
-          inherit inputs;
-        };
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-slim7/configuration.nix
           sops-nix.nixosModules.sops
@@ -114,10 +131,11 @@
 
       nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
         modules = [
           ./hosts/cap-nr200p/configuration.nix
-          sops-nix.nixosModules.sops
           inputs.home-manager.nixosModules.default
+          sops-nix.nixosModules.sops
         ];
       };
     };

hosts/cap-apollo-n01/configuration.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Users
+    ../../users/apollo-admin/apollo-admin.nix
+
+    # System Configuration
+    ../../modules/system/cpu-intel.nix
+    ../../modules/system/fonts.nix
+    ../../modules/system/home-manager-settings.nix
+    ../../modules/system/internationalization.nix
+    ../../modules/system/networking.nix
+    ../../modules/system/nix-settings.nix
+    ../../modules/system/security.nix
+    ../../modules/system/systemd-boot.nix
+
+    # Application Groups
+    ../../modules/application-groups/system-utilities-cluster.nix
+    ../../modules/application-groups/virtualization.nix
+  ];
+
+  networking.hostName = "cap-apollo-n01";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+}

hosts/cap-apollo-n01/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1fa744fd-82d2-4997-a757-28ae96461a96";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/F57E-AA2D";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/cap-clust-01/configuration.nix

@@ -11,7 +11,13 @@
     ../../modules/application-groups/k3s-primary.nix
   ];
 
-#  sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
-
   networking.hostName = "cap-clust-01";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-02/configuration.nix

@@ -12,4 +12,12 @@
   ];
 
   networking.hostName = "cap-clust-02";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-03/configuration.nix

@@ -8,8 +8,16 @@
     ../../modules/host-groups/cluster.nix
 
     # Application Groups
-    ../../modules/application-groups/k3s-primary.nix
+    ../../modules/application-groups/k3s-secondary.nix
   ];
 
   networking.hostName = "cap-clust-03";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-04/configuration.nix

@@ -9,4 +9,12 @@
   ];
 
   networking.hostName = "cap-clust-04";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-05/configuration.nix

@@ -9,4 +9,12 @@
   ];
 
   networking.hostName = "cap-clust-05";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-06/configuration.nix

@@ -9,4 +9,12 @@
   ];
 
   networking.hostName = "cap-clust-06";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-07/configuration.nix

@@ -9,4 +9,12 @@
   ];
 
   networking.hostName = "cap-clust-07";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-08/configuration.nix

@@ -9,4 +9,12 @@
   ];
 
   networking.hostName = "cap-clust-08";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-clust-09/configuration.nix

@@ -9,4 +9,12 @@
   ];
 
   networking.hostName = "cap-clust-09";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
 }

hosts/cap-nr200p/configuration.nix

@@ -21,7 +21,7 @@
     ../../modules/system/cpu-amd.nix
     ../../modules/system/desktop.nix
     ../../modules/system/fonts.nix
-    ../../modules/system/gpu-nvidia.nix
+    ../../modules/system/gpu-amd.nix
     ../../modules/system/home-manager-settings.nix
     ../../modules/system/hyprland.nix
     ../../modules/system/internationalization.nix

modules/application-groups/k3s-secondary.nix

@@ -1,9 +1,11 @@
 { config, pkgs, ... }:
 {
+  sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
+
   services.k3s = {
     enable = true;
     role = "server"; # Or "agent" for worker only nodes
-    token = "forinitialtestingonly";
+    tokenFile = config.sops.secrets.k3s_token.path;
     serverAddr = "https://cap-clust-01:6443";
   };
 }

modules/host-groups/cluster.nix

@@ -8,7 +8,7 @@
     # System Configuration
     ../system/cpu-amd.nix
     ../system/fonts.nix
-#    ../system/git-auto-rebuild.nix
+    ../system/git-auto-rebuild.nix
     ../system/gpu-amd.nix
     ../system/home-manager-settings.nix
     ../system/internationalization.nix
@@ -21,8 +21,6 @@
     ../application-groups/system-utilities-cluster.nix
   ];
 
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
   time.timeZone = "America/Los_Angeles";
 
   # This value determines the NixOS release from which the default

modules/system/cpu-intel.nix

@@ -0,0 +1,4 @@
+{ config, lib, ... }:
+{
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

modules/system/home-manager-settings.nix

@@ -1,5 +1,11 @@
 { inputs, ... }:
 {
-  home-manager.useGlobalPkgs = true;
-  home-manager.backupFileExtension = "bkp";
+  home-manager = {
+    useGlobalPkgs = true;
+    backupFileExtension = "bkp";
+    sharedModules = [
+      inputs.sops-nix.homeManagerModules.sops
+    ];
+  };
+
 }

users/apollo-admin/apollo-admin.nix

@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+let
+  sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
+  sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
+in
+{
+  users.users.apollo-admin = {
+    initialPassword = "changeme";
+    isNormalUser = true;
+    description = "Cluster Admin";
+    extraGroups = [
+      "docker"
+      "networkmanager"
+      "wheel"
+    ];
+    openssh.authorizedKeys.keys = [
+      sshCaperrenDesktopPubkey
+      sshCaperrenLaptopPubkey
+    ];
+  };
+
+  home-manager.users.apollo-admin = {
+    home.username = "apollo-admin";
+    home.homeDirectory = "/home/apollo-admin";
+    home.stateVersion = "25.05";
+
+    home.packages = with pkgs; [ ];
+
+    programs.bash.enable = true;
+
+    programs.git = {
+      enable = true;
+      settings.user = {
+        name = "Corwin Perren";
+        email = "caperren@gmail.com";
+      };
+
+    };
+
+    programs.kitty = {
+      enable = true;
+      font.name = "JetBrains Mono";
+    };
+  };
+}