diff --git a/hosts/blue-shell/configuration.nix b/hosts/blue-shell/configuration.nix
new file mode 100644
index 00000000..07364e55
--- /dev/null
+++ b/hosts/blue-shell/configuration.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+{
+ boot.loader.grub.enable = true;
+
+ boot.kernelParams = [
+ "boot.shell_on_fail=1"
+ "ip=dhcp"
+ ];
+
+ services.openssh.openFirewall = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
diff --git a/hosts/blue-shell/default.nix b/hosts/blue-shell/default.nix
new file mode 100644
index 00000000..3ac09fd5
--- /dev/null
+++ b/hosts/blue-shell/default.nix
@@ -0,0 +1,13 @@
+{ flake, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./configuration.nix
+ ./disk-config.nix
+
+ ./networking.nix
+ #./wireguard.nix
+ #./backups.nix
+ ];
+}
diff --git a/hosts/blue-shell/disk-config.nix b/hosts/blue-shell/disk-config.nix
new file mode 100644
index 00000000..9be1ff5a
--- /dev/null
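Review bot: In hosts/blue-shell/configuration.nix, `"boot.shell_on_fail=1"` is left in the permanent `boot.kernelParams`, and the NixOS manual documents that parameter as giving a root shell without authentication when stage 1 of the boot fails. On a host whose root is LUKS-encrypted and presumably unlocked remotely (the commit imports `unlock-luks-on-boot`), anyone with access to the hypervisor console would get that shell in the initrd. I would drop the parameter once the machine boots reliably, or at least mark it, e.g. `# TODO: remove boot.shell_on_fail after bring-up; it opens a root shell without a password`. `"ip=dhcp"` also brings the initrd up on a DHCP lease while networking.nix configures static addresses, which is presumably intended for the unlock step but deserves a one-line comment.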
+++ b/hosts/blue-shell/disk-config.nix
@@ -0,0 +1,109 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/vdb";
+ content = {
+ type = "gpt";
+ partitions = {
+ bios = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ boot = {
+ size = "1G";
+ type = "8300";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = [ ];
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ passwordFile = "/tmp/luks-password";
+ content = {
+ type = "lvm_pv";
+ vg = "vg0";
+ };
+ };
+ };
+ };
+ };
+ };
+ data = {
+ type = "disk";
+ device = "/dev/vdc";
+ content = {
+ type = "gpt";
+ partitions = {
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "cryptdata";
+ extraOpenArgs = [ ];
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ passwordFile = "/tmp/luks-password";
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/var/lib/garage/data";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ vg0 = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100G";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ swap = {
+ size = "16G";
+ content = {
+ type = "swap";
+ };
+ };
+ metadata = {
+ size = "50G";
+ content = {
+ type = "filesystem";
+ format = "btrfs";
+ mountpoint = "/var/lib/garage/meta";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/blue-shell/hardware-configuration.nix b/hosts/blue-shell/hardware-configuration.nix
new file mode 100644
index 00000000..d6d2835e
--- /dev/null
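Review bot: In hosts/blue-shell/disk-config.nix both LUKS containers, `cryptroot` and `cryptdata`, take their passphrase from `passwordFile = "/tmp/luks-password"`, while the comment above each still names `/tmp/secret.key` and shows `echo -n "password" > ...`, which would leave the passphrase in shell history. Since that file holds the key to both disks during install, I would replace the copied comment with one that matches the path and states the handling, e.g. `# install-time only: write /tmp/luks-password with umask 077 and no trailing newline, remove it after disko has run`. If one shared passphrase for both disks is deliberate (so a single unlock opens both), say so in the comment; otherwise give `cryptdata` its own file. `device = "/dev/vdb"` and `"/dev/vdc"` are enumeration-order names, so a `/dev/disk/by-id/...` path would be safer against formatting the wrong disk, if the hypervisor exposes one.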
+++ b/hosts/blue-shell/hardware-configuration.nix
@@ -0,0 +1,17 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/blue-shell/networking.nix b/hosts/blue-shell/networking.nix
new file mode 100644
index 00000000..8aea3d99
--- /dev/null
+++ b/hosts/blue-shell/networking.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ pkgs,
+ flake,
+ ...
+}:
+{
+ services.garage.settings.rpc_public_addr = "[2a03:4000:43:24e::1]:3901";
+
+ networking.hostName = "blue-shell";
+ networking.hostId = "00000005";
+
+ networking.useDHCP = false;
+ systemd.network.enable = true;
+ systemd.network.networks."10-wan" = {
+ matchConfig.Name = "ens3";
+ address = [
+ "194.13.83.205/22"
+ "2a03:4000:43:24e::1/64"
+ ];
+ gateway = [
+ "194.13.80.1"
+ "fe80::1"
+ ];
+ };
+}
diff --git a/hosts/default.nix b/hosts/default.nix
index 9a9b7e42..0d7fa471 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -118,6 +118,22 @@
 self.nixosModules.garage
 ];
 };
+
+ blue-shell = self.nixos-flake.lib.mkLinuxSystem {
+ imports = [
+ self.inputs.agenix.nixosModules.default
+ self.inputs.disko.nixosModules.disko
+ self.nixosModules.home-manager
+ ./blue-shell
+ self.nixosModules.overlays
+ self.nixosModules.unlock-luks-on-boot
+ self.nixosModules.core
+ #self.nixosModules.prometheus-exporters
+ #self.nixosModules.promtail
+
+ self.nixosModules.garage
+ ];
+ };
 };
 };
 }
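Review bot: In hosts/blue-shell/networking.nix, `services.garage.settings.rpc_public_addr` advertises the Garage RPC port on the public address `[2a03:4000:43:24e::1]:3901`, and `./wireguard.nix` is commented out in the host's default.nix, so cluster traffic would presumably cross the public network. Nothing in this commit shows a firewall rule limiting 3901 to the other cluster nodes or where the RPC secret comes from; both may live in `self.nixosModules.garage`, which is outside this diff. I would add a comment next to the setting, e.g. `# public RPC until wireguard.nix is enabled; 3901 must be firewalled to cluster peers`, and confirm the secret is provided through agenix rather than the world-readable Nix store.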
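Review bot: In hosts/default.nix the new `blue-shell` entry leaves `#self.nixosModules.prometheus-exporters` and `#self.nixosModules.promtail` commented out, so the host would go live with SSH open on a public address but no metrics or log shipping. If that is temporary (presumably until the WireGuard link exists), a marker such as `# TODO: enable exporters and promtail once wireguard.nix is imported` would keep it from being forgotten. The enclosing attribute set starts and ends outside the hunk, so I cannot see whether the other hosts import these modules.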