Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
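{
  inputs,
  nixpkgs,
  ...
}:
{
  # Build a NixOS system for one QEMU-hosted server.
  #
  # hostname     - used as networking.hostName and to locate
  #                ../hosts/servers/<hostname>.nix
  # system       - target platform
  # user         - primary login user (wheel member, nix trusted user)
  # timeZone     - value for time.timeZone
  # disks        - block devices handed to disk-config.nix and to GRUB
  # ipv6Address  - static IPv6 address for the WAN interface (required)
  # tailscale    - provision the Tailscale auth key via sops and enable the client
  # extraModules - further NixOS modules appended to the module list
  mkMachine =
    hostname:
    {
      system ? "aarch64-linux",
      user ? "lander",
      timeZone ? "Europe/Berlin",
      disks ? [ "/dev/sda" ],
      ipv6Address,
      tailscale ? true,
      extraModules ? [ ],
    }:
    let
      diskConfig = import ./disk-config.nix { inherit disks nixpkgs; };
      machineConfig = import ../hosts/servers/${hostname}.nix;
      # Single source of truth for the admin key; it is installed for both
      # the primary user and root (root is what the deployment tooling logs in as).
      adminKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
      ];
    in
    nixpkgs.lib.nixosSystem {
      inherit system;

      modules = [
        inputs.disko.nixosModules.disko
        inputs.sops-nix.nixosModules.sops
        inputs.self.nixosModules.namespaced-vpn
        inputs.self.nixosModules.storagebox

        diskConfig

        (
          {
            config,
            lib,
            modulesPath,
            pkgs,
            ...
          }:
          {
            imports = [
              (modulesPath + "/installer/scan/not-detected.nix")
              (modulesPath + "/profiles/qemu-guest.nix")
            ];

            boot = {
              loader.grub = {
                # Install GRUB on the same devices disko partitions. This was a
                # hard-coded "/dev/sda" that silently ignored the `disks` argument.
                devices = disks;
                efiSupport = true;
                efiInstallAsRemovable = true;
              };

              initrd.kernelModules = [ "virtio_gpu" ];

              kernelParams = [ "console=tty" ];
            };

            time.timeZone = timeZone;

            networking = {
              useNetworkd = true;
              hostName = hostname;
            };

            systemd.network = {
              enable = true;

              networks = {
                "30-wan" = {
                  matchConfig.Name = "enp1s0";
                  networkConfig.DHCP = "ipv4";
                  address = [ ipv6Address ];
                  routes = [
                    { Gateway = "fe80::1"; }
                  ];
                };
              };
            };

            services.openssh = {
              enable = true;
              settings = {
                PasswordAuthentication = false;
                # Passwords can also be offered over the keyboard-interactive (PAM)
                # method; turn that off too so only public keys are accepted.
                KbdInteractiveAuthentication = false;
                # Deployment logs in as root (see mkColmena), so root must remain
                # reachable -- key-only. This is the NixOS default, pinned here so a
                # later change cannot quietly open password login for root.
                PermitRootLogin = "prohibit-password";
              };
              extraConfig = ''
                PrintLastLog no
              '';
            };

            # Only materialise the secret when tailscale is enabled; the module
            # system drops the attribute entirely when the condition is false.
            sops.secrets.tailscale-authkey = lib.mkIf tailscale {
              owner = "root";
              group = "root";
              sopsFile = ../hosts/common/servers/secrets.yaml;
            };

            services.tailscale = lib.mkIf tailscale {
              enable = true;
              # Do not open the tailscale UDP port in the host firewall.
              openFirewall = false;
              extraUpFlags = [
                "--login-server=https://headscale.escapeangle.com"
              ];
              authKeyFile = config.sops.secrets.tailscale-authkey.path;
            };

            programs.zsh.enable = true;
            environment.pathsToLink = [ "/share/zsh" ];
            environment.shells = [ pkgs.zsh ];
            environment.enableAllTerminfo = true;

            users.users.${user} = {
              isNormalUser = true;
              shell = pkgs.zsh;
              # wheel membership is what grants sudo on this host.
              extraGroups = [
                "wheel"
              ];
              openssh.authorizedKeys.keys = adminKeys;
            };

            users.users.root.openssh.authorizedKeys.keys = adminKeys;

            nix = {
              settings = {
                # A trusted user may pass arbitrary daemon settings (substituters,
                # sandbox options, ...); treat this as equivalent to root access.
                trusted-users = [ user ];
                # NOTE(review): accept-flake-config applies any evaluated flake's
                # nixConfig (extra substituters / trusted keys) without prompting.
                accept-flake-config = true;
                auto-optimise-store = true;
              };

              registry = {
                nixpkgs = {
                  flake = nixpkgs;
                };
              };

              nixPath = [
                "nixpkgs=${nixpkgs.outPath}"
                "nixos-config=/etc/nixos/configuration.nix"
                "/nix/var/nix/profiles/per-user/root/channels"
              ];

              package = pkgs.nixVersions.stable;
              extraOptions = ''experimental-features = nix-command flakes'';

              gc = {
                automatic = true;
                options = "--delete-older-than 7d";
              };
            };
          }
        )

        machineConfig
      ] ++ extraModules;
    };

  # Deployment attributes for the colmena hive entry of one server.
  #
  # The machine arguments (system, user, timeZone, disks, ipv6Address, tailscale,
  # extraModules) are accepted for call-site symmetry with mkMachine but are not
  # used here. `targetHost` is the SSH endpoint colmena connects to; it defaults to
  # the value that was previously hard-coded, so existing callers are unaffected,
  # while per-host callers can now override it instead of all deploying to one box.
  mkColmena =
    {
      system ? "aarch64-linux",
      user ? "lander",
      timeZone ? "Europe/Berlin",
      disks ? [ "/dev/sda" ],
      ipv6Address,
      tailscale ? true,
      extraModules ? [ ],
      targetHost ? "hosting-02.escapeangle.com",
    }:
    {
      deployment = {
        inherit targetHost;
        targetPort = 22;
        # Root login is key-only (PermitRootLogin prohibit-password in mkMachine).
        targetUser = "root";
        buildOnTarget = true;
      };
    };
}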