From 942429d150baafa1114c46ddcdba02a1ba90e3a5 Mon Sep 17 00:00:00 2001 From: Emile Date: Sun, 21 Jul 2024 17:41:42 +0200 Subject: lerneaus init --- nix/hosts/lernaeus/configuration.nix | 100 ++++++++++++++++++++++++++ nix/hosts/lernaeus/hardware-configuration.nix | 48 +++++++++++++ nix/hosts/lernaeus/ssh.pub | 1 + 3 files changed, 149 insertions(+) create mode 100644 nix/hosts/lernaeus/configuration.nix create mode 100644 nix/hosts/lernaeus/hardware-configuration.nix create mode 100644 nix/hosts/lernaeus/ssh.pub (limited to 'nix/hosts/lernaeus') diff --git a/nix/hosts/lernaeus/configuration.nix b/nix/hosts/lernaeus/configuration.nix new file mode 100644 index 0000000..9522b76 --- /dev/null +++ b/nix/hosts/lernaeus/configuration.nix @@ -0,0 +1,100 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +let + emile_keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZi43zHEsoWaQomLGaftPE5k0RqVrZyiTtGqZlpWsew emile@caladan" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzLZ56SEgwZZ0OusTdSDDhpMlxSg1zPNdRLuxKOfrR5 emile@chusuk" + ]; +in { + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + boot = { + loader.systemd-boot.enable = true; + kernelParams = [ "ip=dhcp" ]; + initrd = { + availableKernelModules = [ "r8169" ]; + systemd.users.root.shell = "/bin/cryptsetup-askpass"; + network = { + enable = true; + ssh = { + enable = true; + port = 22; + hostKeys = [ "/initrd_ssh_host_key_ed25519" ]; + }; + postCommands = '' + echo 'cryptsetup-askpass' > /root/.profile + ''; + }; + }; + }; + + fileSystems = { + "/".options = [ "compress=zstd" ]; + "/home".options = [ "compress=zstd" ]; + "/nix".options = [ "compress=zstd" "noatime" ]; + }; + + networking = { + hostName = "lernaeus"; + firewall.enable = true; + }; + + time.timeZone = "Europe/Berlin"; + + users.users = { + root = { + hashedPassword = ""; + openssh.authorizedKeys.keys = emile_keys; + }; + emile = { + isNormalUser = true; + extraGroups = ["wheel"]; + openssh.authorizedKeys.keys = emile_keys; + }; + }; + + environment.systemPackages = with pkgs; [ vim tailscale ]; + + programs.mosh.enable = true; + + services = { + openssh.enable = true; + vnstat.enable = true; + tailscale.enable = true; + + btrfs = { + autoScrub.enable = true; + autoScrub.interval = "weekly"; + }; + + prometheus.exporters = { + node.enable = true; + systemd.enable = true; + smartctl.enable = true; + }; + }; + + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + settings = { + auto-optimise-store = true; + }; + }; + + system = { + stateVersion = "23.11"; + autoUpgrade.enable = true; + }; +} + diff --git a/nix/hosts/lernaeus/hardware-configuration.nix b/nix/hosts/lernaeus/hardware-configuration.nix new file mode 100644 index 0000000..389185a --- /dev/null +++ b/nix/hosts/lernaeus/hardware-configuration.nix @@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/5156d8cd-a3d3-4897-b330-156cc10f1aa1"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + boot.initrd.luks.devices."luksroot1".device = "/dev/disk/by-uuid/6c4e193a-3e6b-45e1-bb1a-aa18fbcab725"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/5156d8cd-a3d3-4897-b330-156cc10f1aa1"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/5156d8cd-a3d3-4897-b330-156cc10f1aa1"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nix/hosts/lernaeus/ssh.pub b/nix/hosts/lernaeus/ssh.pub new file mode 100644 index 0000000..b8d530b --- /dev/null +++ b/nix/hosts/lernaeus/ssh.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2J/dq5OTKqjnIYPX6hDNJBpT3BnaMqsrXJoAfCanyK root@lernaeus -- cgit 1.4.1