config/hosts/vno1-op5p/configuration.nix

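# NixOS host configuration for vno1-op5p.
#
# Storage layout, as declared below (all on the NVMe disk bound to `nvme`):
#   p1 -> /boot (ext4, unencrypted)
#   p2 -> swap, encrypted with a random key (randomEncryption)
#   p3 -> LUKS container "luksroot" holding the btrfs root
# The LUKS volume is unlocked in the initrd from a raw key region read off a
# separate block device (see keyFile below).
{
  config,
  myData,
  ...
}: let
  # The kernel device name is used; the stable by-id path is kept for reference.
  # NOTE(review): /dev/nvme0n1 depends on enumeration order. With a single NVMe
  # disk this is harmless, but the by-id form cannot silently point at another disk.
  #nvme = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-256G-1001_19494D801165";
  nvme = "/dev/nvme0n1";
in {
  imports = [
    ../../modules
    ../../modules/profiles/btrfs
    ../../shared/platform/orangepi5plus.nix
  ];

  boot = {
    initrd = {
      # Presumably needed so the device holding the LUKS key (keyFile below)
      # is visible inside the initrd -- confirm it is a USB mass-storage device.
      kernelModules = ["usb_storage"];
      luks.devices = {
        luksroot = {
          #device = "${nvme}-part3";
          device = "${nvme}p3";
          # Passes TRIM through dm-crypt. Trade-off: someone with access to the
          # raw disk can tell which blocks are unused.
          allowDiscards = true;
          # The key is 512 bytes read at byte offset 9728 of the raw device,
          # i.e. outside any filesystem on it.
          keyFileOffset = 9728;
          keyFileSize = 512;
          # NOTE(review): whoever holds this device can unlock the root volume,
          # and /dev/sda is whichever SCSI/USB disk enumerates first. A stable
          # /dev/disk/by-id/<KEY-DEVICE-ID> path (placeholder) avoids reading
          # the key region from an unrelated disk.
          keyFile = "/dev/sda";
        };
      };
    };
  };

  swapDevices = [
    {
      device = "${nvme}p2";
      # Swap is keyed randomly rather than persistently, so its contents are
      # not recoverable across reboots (which also rules out hibernation).
      randomEncryption.enable = true;
    }
  ];

  fileSystems = {
    "/" = {
      device = "/dev/mapper/luksroot";
      fsType = "btrfs";
      options = ["noatime" "compress=zstd"];
    };
    "/boot" = {
      # NVMe partitions are named <disk>p<N>. The previous "${nvme}1" expanded
      # to /dev/nvme0n11, which does not match the p2/p3 entries above.
      # /boot is outside the LUKS container, so it is stored unencrypted.
      device = "${nvme}p1";
      fsType = "ext4";
    };
  };

  # `mj.*` options are presumably declared by ../../modules (not shown here).
  mj = {
    stateVersion = "23.11";
    timeZone = "Europe/Vilnius";
    username = "motiejus";

    base.users = {
      enable = true;
      # Password hashes are read from age-managed secret files at runtime
      # rather than being written into this file.
      root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
      user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
    };

    services = {
      tailscale.enable = true;
      node_exporter.enable = true;
      sshguard.enable = true;

      postfix = {
        enable = true;
        saslPasswdPath = config.age.secrets.sasl-passwd.path;
      };

      deployerbot = {
        follower = {
          # Public key of the deploying host; access is limited to the
          # tailscale subnet pattern taken from myData.
          inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey;
          enable = true;
          sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
          uidgid = myData.uidgid.updaterbot-deployee;
        };
      };
    };
  };

  # PC/SC smart-card daemon.
  services.pcscd.enable = true;

  networking = {
    hostName = "vno1-op5p";
    domain = "jakstys.lt";
    # NOTE(review): this opens SSH on every interface, while the deployerbot
    # follower above is limited to the tailscale subnet. If SSH is only meant
    # to be reached over tailscale, scope the port with
    # networking.firewall.interfaces.<name>.allowedTCPPorts instead.
    firewall.allowedTCPPorts = [22];
  };
}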