From c427bda5b05f1e3f36ec617d128640bca757714d Mon Sep 17 00:00:00 2001
From: Eli Ribble
Date: Fri, 15 Aug 2025 00:34:21 +0000
Subject: [PATCH] Create sync nidus host configuration

It has next to nothing in it, at this point.
---
 flake.nix | 43 +++++++++++++++++++-----
 host/sync/configuration.nix | 49 ++++++++++++++++++++++++++++
 host/sync/hardware-configuration.nix | 9 +++++
 modules/system/synapse.nix | 8 +++++
 4 files changed, 101 insertions(+), 8 deletions(-)
 create mode 100644 host/sync/configuration.nix
 create mode 100644 host/sync/hardware-configuration.nix

diff --git a/flake.nix b/flake.nix
index 2747858..3e38d30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -52,14 +52,41 @@
 age.keyFile = "/var/libs/sops-nix/key.txt";
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 defaultSopsFile = ./secrets/secrets.yaml;
- secrets.matrix = {
- format = "yaml";
- group = "matrix-synapse";
- key = "";
- owner = "matrix-synapse";
- restartUnits = [ "matrix-synapse.service" ];
- sopsFile = ./host/corp/secrets/matrix.yaml;
- };
+ };
+ }
+ ./users
+ ];
+ pkgs = import nixpkgs {
+ config = {
+ allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;
+ };
+ system = "${system}";
+ };
+ specialArgs = {
+ inherit configFiles;
+ };
+ system = "${system}";
+ };
+ "sync.nidus.cloud" = nixpkgs.lib.nixosSystem {
+ modules = [
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.extraSpecialArgs = { inherit configFiles; };
+ home-manager.sharedModules = [
+ nixvim.homeManagerModules.nixvim
+ ./modules/home/nixvim.nix
+ ];
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ }
+ ./host/sync/configuration.nix
+ ./modules
+ sops-nix.nixosModules.sops {
+ sops = {
+ age.generateKey = true;
+ age.keyFile = "/var/libs/sops-nix/key.txt";
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ./secrets/secrets.yaml;
 };
 }
 ./users
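Review bot: The new `sync.nidus.cloud` host reuses `defaultSopsFile = ./secrets/secrets.yaml`, the same file the preceding host's sops block points at. sops protects a file with a single data key, so for sync to decrypt anything from it the host's age or SSH host key has to be added as a recipient of the whole file, after which it can read every value in it, including ones meant only for other hosts. A host-scoped file would keep the impact of a compromised sync host small, for example `defaultSopsFile = ./host/sync/secrets.yaml;` (path illustrative, following the `host/corp/secrets/` layout). The copied `age.keyFile = "/var/libs/sops-nix/key.txt"` also looks like a typo for `/var/lib/...`; with `age.generateKey = true` the key would presumably be created under that path without complaint, so it is worth confirming before a second host depends on it. The `nixosSystem` block continues past the end of the hunk.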
diff --git a/host/sync/configuration.nix b/host/sync/configuration.nix
new file mode 100644
index 0000000..00279b5
--- /dev/null
+++ b/host/sync/configuration.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix # generated at runtime by nixos-infect
+ ];
+
+ environment.systemPackages = with pkgs; [
+ age
+ fish
+ git
+ htop
+ neovim
+ podman
+ postgresql
+ tmux
+ wget
+ ];
+ myModules = {};
+ services.openssh.enable = true;
+ users.users.deploy = {
+ extraGroups = [ "deploy" ];
+ isNormalUser = true;
+ };
+ zramSwap.enable = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05";
+}
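Review bot: `services.openssh.enable = true;` is the only SSH setting in this file, so unless `./modules` or `./users` tighten it elsewhere, sshd runs with the NixOS defaults, which leave password and keyboard-interactive authentication enabled. For a host that is presumably reachable from the internet I would pin it here: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };`. The `deploy` user is declared without `openssh.authorizedKeys.keys`, and its `deploy` group is not created in this file, so confirm both come from `./users`. Separately, `./networking.nix` is imported but is not among the files this commit creates; a flake in a git checkout only sees tracked files, so evaluation would likely fail until that file is committed.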
diff --git a/host/sync/hardware-configuration.nix b/host/sync/hardware-configuration.nix
new file mode 100644
index 0000000..d634744
--- /dev/null
+++ b/host/sync/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+
+}
diff --git a/modules/system/synapse.nix b/modules/system/synapse.nix
index a8cac88..dd36b88 100644
--- a/modules/system/synapse.nix
+++ b/modules/system/synapse.nix
@@ -56,5 +56,13 @@ in {
 server_name = config.networking.domain;
 };
 };
+ sops.secrets.matrix = {
+ format = "yaml";
+ group = "matrix-synapse";
+ key = "";
+ owner = "matrix-synapse";
+ restartUnits = [ "matrix-synapse.service" ];
+ sopsFile = ./host/corp/secrets/matrix.yaml;
+ };
 };
 }
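Review bot: `sopsFile = ./host/corp/secrets/matrix.yaml;` was moved verbatim from `flake.nix`, but Nix resolves a relative path against the directory of the file that contains it, so in `modules/system/synapse.nix` it now points at `modules/system/host/corp/secrets/matrix.yaml`. Assuming the secret still lives under the repository root, the line should read `sopsFile = ../../host/corp/secrets/matrix.yaml;`. The move also hard-codes the corp host's secret file in a shared module, so any other host that enables this module would have to be made a recipient of corp's file; taking the path from a module option would keep secrets scoped per host. The enclosing attribute set starts outside the hunk, so whether this declaration is guarded by the module's enable condition cannot be seen here.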