sqq1-desk2

data.nix

@@ -58,6 +58,10 @@ rec {
         vno4IP
       ];
     };
+    "sqq1-desk2.jakst.vpn" = rec {
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKJjc2V5meA4+4O3GXX+Pwh6Lwwu4cvBGIZ52tufB4X";
+      system = "x86_64-linux";
+    };
     "vno3-nk.jakst.vpn" = rec {
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp3QL8p4AbuijEQX/uVHj6nkJ2/8qNSciL+Glydw2yK";
       system = "x86_64-linux";

flake.nix

@@ -223,6 +223,21 @@
           // inputs;
         };
 
+        sqq1-desk2 = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            { nixpkgs.overlays = baseOverlays; }
+            ./hosts/sqq1-desk2/configuration.nix
+            home-manager.nixosModules.home-manager
+            agenix.nixosModules.default
+          ];
+
+          specialArgs = {
+            inherit myData;
+          }
+          // inputs;
+        };
+
       };
 
       deploy.nodes = {
@@ -281,6 +296,17 @@
           };
         };
 
+        sqq1-desk2 = {
+          hostname = "sqq1-desk2.jakst.vpn";
+          profiles = {
+            system = {
+              sshUser = "motiejus";
+              path = self.nixosConfigurations.sqq1-desk2.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.sqq1-desk2;
+              user = "root";
+            };
+          };
+        };
+
       };
       checks = builtins.mapAttrs (
         system: deployLib:

hosts/sqq1-desk2/configuration.nix

@@ -0,0 +1,87 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  nvme = "/dev/disk/by-id/nvme-WDC_WDS250G2B0C-00PXH0_2043E7802918";
+in
+{
+  imports = [
+    ../../modules
+    ../../modules/profiles/xfce4
+    ../../modules/profiles/btrfs
+  ];
+
+  age.secrets = {
+    motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
+    root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
+  };
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "thunderbolt"
+        "ahci"
+        "usbhid"
+        "tpm_tis"
+      ];
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "${nvme}-part2";
+      randomEncryption.enable = true;
+    }
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "${nvme}-part3";
+      fsType = "btrfs";
+      options = [ "compress=zstd" ];
+    };
+    "/boot" = {
+      device = "${nvme}-part1";
+      fsType = "vfat";
+    };
+  };
+
+  hardware.cpu.intel.updateMicrocode = true;
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  mj = {
+    stateVersion = "25.05";
+    timeZone = "Europe/Vilnius";
+    username = "motiejus";
+
+    base = {
+      users = {
+        enable = true;
+        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+        user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      };
+    };
+
+    services = {
+      tailscale = {
+        enable = true;
+        verboseLogs = true;
+        acceptDNS = true;
+      };
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [ ];
+  };
+
+  networking = {
+    hostId = "ef04ee1";
+    hostName = "sqq-desk2";
+    domain = "jakst.vpn";
+    firewall.rejectPackets = true;
+  };
+}

secrets.nix

@@ -11,13 +11,15 @@ let
   fra1-c = (import ./data.nix).hosts."fra1-c.jakst.vpn".publicKey;
   mtworx = (import ./data.nix).hosts."mtworx.jakst.vpn".publicKey;
   vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey;
+  sqq1-desk2 = (import ./data.nix).hosts."sqq1-desk2.jakst.vpn".publicKey;
 
   systems = [
+    fra1-c
+    mtworx
     fwminex
     vno3-nk
-    fra1-c
     vno1-gdrx
-    mtworx
+    sqq1-desk2
   ];
 
   mk =