# NixOS host configuration for "vno1-op5p" (see networking.hostName below).
# Takes the module arguments `config` and `myData`; the `mj.*` options are
# defined by the imported ../../modules tree, which is not shown here.
{
  config,
  myData,
  ...
}: let
  # Stable by-id path of the NVMe drive; the partitions below are derived from it.
  nvme = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-256G-1001_19494D801165";
in {
  imports = [
    ../../modules
    ../../shared/platform/orangepi5plus.nix
  ];

  boot = {
    supportedFilesystems = ["bcachefs"];
    initrd = {
      # Presumably loaded in the initrd so the USB key device below is
      # visible at unlock time.
      kernelModules = ["usb_storage"];
      luks.devices = {
        # Encrypted root: partition 3 of the NVMe drive, opened as
        # /dev/mapper/luksroot (used by fileSystems."/" below).
        luksroot = {
          device = "${nvme}-part3";
          # Passes TRIM/discard through dm-crypt. Trade-off: someone who can
          # read the raw device learns which blocks are unused.
          allowDiscards = true;
          # The key is read straight from the raw USB block device: 512 bytes
          # starting at byte offset 9728, not a file on a filesystem.
          # NOTE(review): whoever holds this stick can unlock the root volume,
          # and the unlock is unattended whenever the stick stays plugged in.
          # Confirm a fallback passphrase/key slot exists in case it is lost.
          keyFileOffset = 9728;
          keyFileSize = 512;
          keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_1EA30F29-0:0";
        };
      };
    };
  };

  swapDevices = [
    {
      device = "${nvme}-part2";
      # Swap is encrypted with a fresh random key on every boot, so swapped-out
      # pages are not recoverable after a reboot (and hibernation to this
      # device is not possible).
      randomEncryption.enable = true;
    }
  ];

  fileSystems = {
    "/" = {
      device = "/dev/mapper/luksroot";
      fsType = "bcachefs";
    };
    # /boot is a plain ext4 partition outside the LUKS volume.
    # NOTE(review): whatever is stored here (typically kernel and initrd) is
    # neither confidential nor tamper-protected at rest; its integrity rests
    # on physical access control.
    "/boot" = {
      device = "${nvme}-part1";
      fsType = "ext4";
    };
  };

  mj = {
    stateVersion = "23.11";
    timeZone = "Europe/Vilnius";
    username = "motiejus";

    base.users = {
      enable = true;
      # Password hashes are referenced by the path of a decrypted age secret
      # rather than written inline, so they do not end up in this file.
      root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
      user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
    };

    services = {
      tailscale.enable = true;
      node_exporter.enable = true;
      sshguard.enable = true;

      postfix = {
        enable = true;
        # SASL credentials also come from an age secret path.
        saslPasswdPath = config.age.secrets.sasl-passwd.path;
      };

      deployerbot = {
        follower = {
          # Public key taken from the host entry "vno1-oh2.servers.jakst" in myData.
          inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey;

          enable = true;
          # Presumably limits where that key may connect from to the Tailscale
          # subnet; the enforcement lives in the module, so verify there.
          sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
          uidgid = myData.uidgid.updaterbot-deployee;
        };
      };
    };
  };

  # PC/SC smart-card daemon.
  services.pcscd.enable = true;

  networking = {
    hostName = "vno1-op5p";
    domain = "jakstys.lt";
    # Opens TCP 22 in the firewall. No interface restriction is visible here,
    # so SSH is presumably reachable on every interface, not only Tailscale.
    # NOTE(review): confirm that is intended.
    firewall.allowedTCPPorts = [22];
    hostId = "81e10bcc";
  };
}