diff --git a/flake.nix b/flake.nix
index 6b1dffa..38b305a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -188,6 +188,32 @@
 } // inputs;
 };

+ vno1-gdrx = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ { nixpkgs.overlays = overlays; }
+ ./hosts/vno1-gdrx/configuration.nix
+ home-manager.nixosModules.home-manager
+ nix-index-database.nixosModules.nix-index
+
+ #agenix.nixosModules.default
+ #{
+ # age.secrets = {
+ # motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
+ # root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
+ # #sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+
+ # #syncthing-key.file = ./secrets/mtworx/syncthing/key.pem.age;
+ # #syncthing-cert.file = ./secrets/mtworx/syncthing/cert.pem.age;
+ # };
+ #}
+ ];
+
+ specialArgs = {
+ inherit myData;
+ } // inputs;
+ };
+
 vno3-rp3b = nixpkgs.lib.nixosSystem {
 system = "aarch64-linux";
 modules = [
diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix
new file mode 100644
index 0000000..2ab1daa
--- /dev/null
+++ b/hosts/vno1-gdrx/configuration.nix
@@ -0,0 +1,151 @@
+{
+ #cconfig,
+ myData,
+ ...
+}:
+let
+ nvme = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NX0TA00913P";
+in
+{
+ imports = [
+ ../../modules
+ ../../modules/profiles/desktop
+ #../../modules/profiles/autorandr
+ ../../modules/profiles/btrfs
+ ];
+
+ boot = {
+ kernelModules = [ "kvm-intel" ];
+ loader.systemd-boot.enable = true;
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "thunderbolt"
+ "nvme"
+ "usbhid"
+ "tpm_tis"
+ ];
+ luks.devices = {
+ luksroot = {
+ device = "${nvme}-part3";
+ allowDiscards = true;
+ };
+ };
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "${nvme}-part2";
+ randomEncryption.enable = true;
+ }
+ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "btrfs";
+ options = [ "compress=zstd" ];
+ };
+ "/boot" = {
+ device = "${nvme}-part1";
+ fsType = "vfat";
+ };
+ };
+
+ hardware.cpu.intel.updateMicrocode = true;
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ mj = {
+ stateVersion = "24.05";
+ timeZone = "Europe/Vilnius";
+ username = "motiejus";
+
+ base.users = {
+ enable = true;
+ devTools = true;
+ root.initialPassword = "live";
+ user.initialPassword = "live";
+ #root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path;
+ #user.hashedPasswordFile = config.age.secrets.motiejus-work-passwd-hash.path;
+ };
+
+ services = {
+ sshguard.enable = false;
+ tailscale = {
+ enable = true;
+ verboseLogs = true;
+ };
+
+ #btrfssnapshot = {
+ # enable = true;
+ # subvolumes = [
+ # {
+ # subvolume = "/home";
+ # label = "5minutely";
+ # keep = 12;
+ # refreshInterval = "*:0/5";
+ # }
+ # {
+ # subvolume = "/home";
+ # label = "hourly";
+ # keep = 24;
+ # refreshInterval = "*:00:00";
+ # }
+ # ];
+ #};
+
+ #wifibackup = {
+ # enable = true;
+ # toPath = "/home/${config.mj.username}/M-Active/.wifi";
+ # toUser = config.mj.username;
+ #};
+
+ #remote-builder.client =
+ # let
+ # host = myData.hosts."fra1-b.servers.jakst";
+ # in
+ # {
+ # enable = true;
+ # inherit (host) 
system supportedFeatures;
+ # hostName = host.jakstIP;
+ # sshKey = "/etc/ssh/ssh_host_ed25519_key";
+ # maxJobs = 2;
+ # };
+
+ node_exporter = {
+ enable = true;
+ extraSubnets = [ myData.subnets.vno1.cidr ];
+ };
+
+ deployerbot = {
+ follower = {
+ publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
+
+ enable = true;
+ uidgid = myData.uidgid.updaterbot-deployee;
+ sshAllowSubnets = with myData.subnets; [ tailscale.sshPattern ];
+ };
+ };
+
+ #postfix = {
+ # enable = true;
+ # saslPasswdPath = config.age.secrets.sasl-passwd.path;
+ #};
+
+ #syncthing = {
+ # enable = true;
+ # dataDir = "/home/motiejus/";
+ # user = "motiejus";
+ # group = "users";
+ #};
+
+ };
+ };
+
+ networking = {
+ hostName = "vno1-gdrx";
+ domain = "motiejus.jakst";
+ firewall.rejectPackets = true;
+ };
+}
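Review bot: `root.initialPassword = "live";` and `user.initialPassword = "live";` under `mj.base.users` commit the same guessable password for root and the login user in plaintext. If the `mj` module forwards these to `users.users.<name>.initialPassword` (not visible here), the value is also world-readable in the Nix store. The same file sets `sshguard.enable = false` and enables the deployerbot follower with SSH allowed from the tailscale subnet, so whether password logins over SSH are refused depends on the shared modules and should be confirmed. I would restore `root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path;` and the matching `user.hashedPasswordFile` line. That needs `config` in the module arguments (the commented `#cconfig,` looks like a typo) and the agenix module and `age.secrets` block that are commented out in the flake.nix hunk. If the password is meant only for the first install, a comment such as `# TODO: bootstrap only; switch to hashedPasswordFile once agenix is enabled for this host` would make that explicit.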