Add nixos tartvm

configurations/nixos/infinitude-nixos/configuration.nix

@@ -0,0 +1,55 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "infinitude-nixos"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_CA.UTF-8";
+
+  services.openssh.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.admin = {
+    isNormalUser = true;
+    description = "admin";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [
+      #  thunderbird
+    ];
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}

configurations/nixos/infinitude-nixos/default.nix

@@ -0,0 +1,21 @@
+{ flake, pkgs, lib, ... }:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  nixos-unified.sshTarget = "admin@infinitude-nixos";
+
+  imports = [
+    inputs.agenix.nixosModules.default
+    ./configuration.nix
+    (self + /modules/nixos/shared/github-runner.nix)
+  ];
+
+  services.tailscale.enable = true;
+
+  # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
+  # https://github.com/NixOS/nixpkgs/issues/180175
+  systemd.services.NetworkManager-wait-online.enable = false;
+}

configurations/nixos/infinitude-nixos/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/f1cf07bd-ef5a-4584-8fdf-348ac7ca8891";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/229C-1BE1";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/5afde2f2-cf66-416c-ae0f-3a84b56e13d4"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

flake.lock

@@ -842,11 +842,11 @@
     },
     "nixos-unified": {
       "locked": {
-        "lastModified": 1751174231,
-        "narHash": "sha256-OLPo3ZI/gKH0C6P6l2W9RYm1ow/Jl4qBrasQ3rjAA0E=",
+        "lastModified": 1753730363,
+        "narHash": "sha256-IB+0W+n6cMnYwYjFGsJi7TIJA26pSaFhgzwmnmB9Pdc=",
         "owner": "srid",
         "repo": "nixos-unified",
-        "rev": "05eb3d59d3b48460ea01c419702d4fc0c3210805",
+        "rev": "e91aecaaa310065b067b946774660febc7f212a2",
         "type": "github"
       },
       "original": {

modules/nixos/shared/github-runner.nix

@@ -31,6 +31,7 @@ in
       "srid/emanote".num = 2;
       "srid/ema".num = 2;
       "srid/t".num = 1;
+      "srid/srid".num = 1;
       "srid/haskell-flake".num = 2;
       "srid/nixos-unified".num = 2;
     };

secrets/github-nix-ci/srid.token.age

@@ -1,9 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ KBrrdrg2WOOIHMYRGK6UcwUrPWvaVgmUuau5qsohQD4
-4XVlhSSb431o+4FFa/eFuCMcJeveh8b+F3XqVRYacng
--> ssh-ed25519 Ysxvmg aYxitWy7xeY3su7nXo1FV3UGfIGrvruO2+VPMbzK82I
-GbEFVAZXb2mdbg8GaesEeq6TJWkhi+c/cY3s3CATIyE
--> ssh-ed25519 HQ+y9w SpQmQIwViY75uPCIKK785/2QYv8piO6K8eg0548AvgM
-KatJYMrtpMTqGi5gtfQtwHzISA9FlQZAjWzliXcfFIc
---- fGYDeZ9VW8Zrh9UGPnlm8Ea1SjRtRDeeJNmBxSun6A4
-O4²a+ÉB²(áƒ@I|êDÁÔSÖ¿5hð'Ñ…49-V|Á«COëê*Q/¯àñF<C3B1>Šb´1ÏaüI_<49>Ý©Œ…ß3k“Eƒ<45>Þ9¡yUöäÅûÐg‘UûãKç½EúpŠ+_)—³hŽ	<0B>ê$.au1ÍäëïÈ<C3AF>
+-> ssh-ed25519 96IXNQ qxnWrc61w1kSBf3m7ofJWrTTdhrKSMmp9iW5y9RzdUU
+epgghGOuuMctx4uyYWrvN33tu4dL91E8VNxlMuvxw/g
+-> ssh-ed25519 Ysxvmg ZjHA3/xCKFO+sk9RGRXkfGcxixk4arKP6PlRnLKRqi0
+CJITJ6M4KRM5lH23O5kWY8qjs+WEZLe5OooaIa7LInE
+-> ssh-ed25519 HQ+y9w MyD/org+yNN0HhLh3GLG9PbCxIjffsMOxcJaQAmeThI
+jGFfuzJmA+AXgG9OI1c88TD4GHFA4C4GnzBPYlbvjQY
+-> ssh-ed25519 p0qplg dod6JyHjstJGo0LgxlG4z5zrca8qunco+UuFLYZUyxo
+cWZElzFjbZESN2tlbna76yn77qm6e1og7OhoLzYsqVc
+--- dD6aThNJBsJXoIS+6JbkIk1o3FJUbvjjjRwX6k3Riz0
+ 
+ÊtJÏ$uÅb” |åŸGÁŽ¦Þê#b‹ÄÂж春+´áÜOºMÍ罕`·ÜþBâ݈¡	ä‘o(å!³wÌt-¿vº(ª&™Â‚8Æ´Ö*;_©6€}IèóuG‡±³‘`U?gñ:Â7í°<C3AD>½L¢ù j¬

secrets/pureintent-basic-auth.age

@@ -1,10 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ P3pVYQzSm77sy04g/Y2asjjTJnraXLO9rYfWWYqRfH4
-5TpD16U53+kC41MkRnjo1o3X210fRdH2pC9qUNDZBjY
--> ssh-ed25519 Ysxvmg A9A8coA49aRDhLDu6OmqDuur2eNq/YMl5jOqX4UrXAQ
-YxyXQW+VOFCTf5osrqx1iEsDIoSxXAkH4tyn9PRMnDw
--> ssh-ed25519 HQ+y9w 2eRoF4XuC227syIZ+t6+8lP77CbjHEXPt27GiZqUdRQ
-9mlHSj/XKOFbnyWc5cmvTwolqXPEZXEPMmC+dTO8BRc
---- nKy6Gb7HhzVDo2BoZJhxlqMWmbnXGhGyhpf5WOlMUkw
-6"ñ¥ê£;¿…à‡,¨ŠÔâÔ<C3A2>bY·
bÏ:
-³šI‚råzHTŸ»´m#÷Î6·•…I™šƒTT‰KO”jhj÷‡].¼µÊfp"”¸ÿ”ud‰®<E280B0>VÔ_À:q:
mzIë
+-> ssh-ed25519 96IXNQ 0/NuV8hDzg51QcJGiwG0/baeBQc+W9h9q66AzEm+EnY
+V1xUVHQQmXo6YN+BF+ZCn9Ew+bcUqP0975JmvaiSY4o
+-> ssh-ed25519 Ysxvmg DxRnKZodptsoekhgqYHvRTmuDoqwsvzZ+lsXA2wU8U8
+lJxE8eCxkBCd5uHUSrOMywBgy0HQEekU5HEn9k7v6xE
+-> ssh-ed25519 HQ+y9w sjoTiMATKONmXTmEfmUEsURXxKOEnYS8K3wcTP6OEWU
+kmj2v92yAR8mo/5bL24GMJ9idN4DXPoBh41sGmJFu6U
+-> ssh-ed25519 p0qplg 1TuM1BqPK2U5prLL/zEel4nHLEtxud34aSslvCS1k1k
+PvnOGEDrQ0Mek3Z/VeHAcvhdurAN1RZxACiLsali6WQ
+--- 2AiI3tw705Kala8qEBWg0PIlXn+yOyeDns01nZ7YjGw
+̉<>Ït¼ª¬ä<C2AC>þu
#`=ªèU&S•p6C§Eé:~v;b}<7D>€Ó›.'<27>TŒ-xŠ(;Þ|¹ƒÑ\Sù!æR£dWy£<79>
¬¬ëDœÞ5‡8œqA}*ѱZS

secrets/secrets.nix

@@ -4,7 +4,8 @@ let
 
   pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos";
   infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby";
-  systems = [ pureintent infinitude-macos ];
+  infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhLuTee/YS04uBhg9Zri5OKfQySoeUXxVVpz6xVUtB5";
+  systems = [ pureintent infinitude-macos infinitude-nixos ];
 in
 {
   "hedgedoc.env.age".publicKeys = users ++ systems;