forked from pub-solar/infra
hosts: init blue-shell
parent
4ef9781d10
commit
83b7e3e11e
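--- a/hosts/blue-shell/configuration.nix
+++ b/hosts/blue-shell/configuration.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+{
+boot.loader.grub.enable = true;
+
+boot.kernelParams = [
+"boot.shell_on_fail=1"
+"ip=dhcp"
+];
+
+services.openssh.openFirewall = true;
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+# to actually do that.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "24.05"; # Did you read the comment?
+}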
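Review bot: `"boot.shell_on_fail=1"` in `boot.kernelParams` leaves an unauthenticated root shell reachable from the console whenever stage 1 of the boot fails, which is why NixOS keeps it off by default. On a host whose root volume sits in LUKS and is apparently unlocked through the `unlock-luks-on-boot` module, that prompt is open to anyone who can reach the hypervisor console (the hardware file imports the qemu-guest profile, so this is presumably a hosted VM). If the parameter is only needed for bring-up, say so next to it, e.g. `# TODO: drop boot.shell_on_fail once the initrd unlock is proven`, and remove it afterwards.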
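--- a/hosts/blue-shell/default.nix
+++ b/hosts/blue-shell/default.nix
@@ -0,0 +1,13 @@
+{ flake, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+./configuration.nix
+./disk-config.nix
+
+./networking.nix
+#./wireguard.nix
+#./backups.nix
+];
+}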
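Review bot: The commented-out imports `#./wireguard.nix` and `#./backups.nix` carry no explanation, and the same holds for `#self.nixosModules.prometheus-exporters` and `#self.nixosModules.promtail` in the host-definition hunk at the end of the page. As committed, the host that mounts `/var/lib/garage/data` has SSH opened in the firewall but runs without backups, metrics or log shipping, and nothing in the tree says whether that is temporary. A one-line comment per group, e.g. `# TODO: enable after first deploy, once host keys and secrets exist`, would keep these from being forgotten.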
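--- a/hosts/blue-shell/disk-config.nix
+++ b/hosts/blue-shell/disk-config.nix
@@ -0,0 +1,109 @@
+{
+disko.devices = {
+disk = {
+main = {
+type = "disk";
+device = "/dev/vdb";
+content = {
+type = "gpt";
+partitions = {
+bios = {
+size = "1M";
+type = "EF02"; # for grub MBR
+};
+boot = {
+size = "1G";
+type = "8300";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+luks = {
+size = "100%";
+content = {
+type = "luks";
+name = "cryptroot";
+extraOpenArgs = [ ];
+# if you want to use the key for interactive login be sure there is no trailing newline
+# for example use `echo -n "password" > /tmp/secret.key`
+passwordFile = "/tmp/luks-password";
+content = {
+type = "lvm_pv";
+vg = "vg0";
+};
+};
+};
+};
+};
+};
+data = {
+type = "disk";
+device = "/dev/vdc";
+content = {
+type = "gpt";
+partitions = {
+luks = {
+size = "100%";
+content = {
+type = "luks";
+name = "cryptdata";
+extraOpenArgs = [ ];
+# if you want to use the key for interactive login be sure there is no trailing newline
+# for example use `echo -n "password" > /tmp/secret.key`
+passwordFile = "/tmp/luks-password";
+content = {
+type = "filesystem";
+format = "xfs";
+mountpoint = "/var/lib/garage/data";
+mountOptions = [
+"defaults"
+];
+};
+};
+};
+};
+};
+};
+};
+lvm_vg = {
+vg0 = {
+type = "lvm_vg";
+lvs = {
+root = {
+size = "100G";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+];
+};
+};
+swap = {
+size = "16G";
+content = {
+type = "swap";
+};
+};
+metadata = {
+size = "50G";
+content = {
+type = "filesystem";
+format = "btrfs";
+mountpoint = "/var/lib/garage/meta";
+mountOptions = [
+"defaults"
+];
+};
+};
+};
+};
+};
+};
+}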
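Review bot: Both LUKS containers, `cryptroot` and `cryptdata`, read their passphrase from the same fixed path, `passwordFile = "/tmp/luks-password"`, while the comment above each one names a different file (`/tmp/secret.key`) and suggests `echo -n "password" > …`, which leaves the passphrase in shell history. As far as I know disko reads this file only when it formats the disks, so the comment should say that and state how the file is handled, e.g. `# install-time only: create /tmp/luks-password on the installer with mode 0600 (no trailing newline) and delete it once disko has run`. If the two volumes are meant to share one passphrase, record that as well; otherwise give `cryptdata` its own file.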
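--- a/hosts/blue-shell/hardware-configuration.nix
+++ b/hosts/blue-shell/hardware-configuration.nix
@@ -0,0 +1,17 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}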
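--- a/hosts/blue-shell/networking.nix
+++ b/hosts/blue-shell/networking.nix
@@ -0,0 +1,26 @@
+{
+config,
+pkgs,
+flake,
+...
+}:
+{
+services.garage.settings.rpc_public_addr = "[2a03:4000:43:24e::1]:3901";
+
+networking.hostName = "blue-shell";
+networking.hostId = "00000005";
+
+networking.useDHCP = false;
+systemd.network.enable = true;
+systemd.network.networks."10-wan" = {
+matchConfig.Name = "ens3";
+address = [
+"194.13.83.205/22"
+"2a03:4000:43:24e::1/64"
+];
+gateway = [
+"194.13.80.1"
+"fe80::1"
+];
+};
+}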
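Review bot: `services.garage.settings.rpc_public_addr` advertises the Garage RPC port 3901 on the host's public IPv6 address while `./wireguard.nix` is still commented out in `default.nix`, so cluster traffic would presumably cross the open internet rather than a tunnel. Whether 3901 is actually reachable depends on the firewall rules of the `garage` module, which this page does not show; please confirm the port is limited to the cluster peers and that `rpc_secret` is supplied from an agenix secret rather than the Nix store. A comment above the line, such as `# public address until wireguard.nix is enabled; 3901 is restricted to cluster peers`, would record the intent.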
|
@ -118,6 +118,22 @@
|
||||||
self.nixosModules.garage
|
self.nixosModules.garage
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
blue-shell = self.nixos-flake.lib.mkLinuxSystem {
|
||||||
|
imports = [
|
||||||
|
self.inputs.agenix.nixosModules.default
|
||||||
|
self.inputs.disko.nixosModules.disko
|
||||||
|
self.nixosModules.home-manager
|
||||||
|
./blue-shell
|
||||||
|
self.nixosModules.overlays
|
||||||
|
self.nixosModules.unlock-luks-on-boot
|
||||||
|
self.nixosModules.core
|
||||||
|
#self.nixosModules.prometheus-exporters
|
||||||
|
#self.nixosModules.promtail
|
||||||
|
|
||||||
|
self.nixosModules.garage
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|