From 4354cde55e6c5ee8876168966220c325e4ae8612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Tue, 15 Aug 2023 07:09:11 +0300
Subject: [PATCH] vno1-rp3b

---
 flake.nix | 31 +++++++++++
 hosts/vno1-rp3b/configuration.nix | 84 +++++++++++++++++++++++++++++
 modules/base/default.nix | 4 +-
 modules/base/unitstatus/default.nix | 5 +-
 4 files changed, 122 insertions(+), 2 deletions(-)
 create mode 100644 hosts/vno1-rp3b/configuration.nix

diff --git a/flake.nix b/flake.nix
index d01fe3d..7bef2d3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -98,6 +98,25 @@
 specialArgs = {inherit myData;} // inputs;
 };
 
+ nixosConfigurations.vno1-rp3b = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ ./hosts/vno1-rp3b/configuration.nix
+
+ ./modules
+
+ agenix.nixosModules.default
+
+ {
+ age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
+ age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age;
+ age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+ }
+ ];
+
+ specialArgs = {inherit myData;} // inputs;
+ };
+
 deploy.nodes.hel1-a = {
 hostname = myData.hosts."hel1-a.servers.jakst".jakstIP;
 profiles = {
@@ -122,6 +141,18 @@
 };
 };
 
+ deploy.nodes.vno1-rp3b = {
+ hostname = "192.168.189.66";
+ profiles = {
+ system = {
+ sshUser = "root";
+ path =
+ deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vno1-rp3b;
+ user = "root";
+ };
+ };
+ };
+
 checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
 }
 // flake-utils.lib.eachDefaultSystem (system: let
diff --git a/hosts/vno1-rp3b/configuration.nix b/hosts/vno1-rp3b/configuration.nix
new file mode 100644
index 0000000..3fa552d
--- /dev/null
+++ b/hosts/vno1-rp3b/configuration.nix
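Review bot: The three `age.secrets.*.file` entries give vno1-rp3b the root and motiejus password hashes and the postfix SASL credentials, but nothing in the hunk ties the new machine's host key to those `.age` files; agenix only decrypts a secret on a host whose key is among its recipients, so the `secrets/*.age` files presumably need re-keying for vno1-rp3b before first activation, and that is worth confirming since a decrypt failure on a freshly deployed box leaves both `passwordFile`s unusable. As a point of style, `./modules`, `agenix.nixosModules.default`, the secrets attrset and `specialArgs = {inherit myData;} // inputs;` duplicate what the other configuration carries; a shared `let` binding (for example `commonModules`) would keep the secret wiring in one place.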
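Review bot: `hostname = "192.168.189.66";` does not match the static address the host configures for itself (`192.168.189.5` in hosts/vno1-rp3b/configuration.nix), so unless .66 is a deliberate pre-deployment address, the second deploy will target an IP the host no longer holds; the hel1-a node resolves its address through `myData.hosts."…".jakstIP`, and adding vno1-rp3b to `myData` would keep the two in agreement. The activation path is taken from `deploy-rs.lib.x86_64-linux` while the configuration is `aarch64-linux`; if, as I believe, the activate wrapper runs on the target, this should read `deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.vno1-rp3b;`.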
@@ -0,0 +1,84 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+{
+ config,
+ pkgs,
+ myData,
+ ...
+}: {
+ # previously:
+ # imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+ # as of 23.05 that is:
+ hardware.enableRedistributableFirmware = true;
+
+ boot.initrd.availableKernelModules = ["usbhid"];
+ boot.initrd.kernelModules = [];
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
+
+ swapDevices = [];
+
+ mj = {
+ stateVersion = "23.05";
+ timeZone = "Europe/Vilnius";
+ base = {
+ users.passwd = {
+ root.passwordFile = config.age.secrets.root-passwd-hash.path;
+ motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
+ };
+ unitstatus = {
+ enable = true;
+ email = "motiejus+alerts@jakstys.lt";
+ };
+ };
+
+ services = {
+ postfix = {
+ enable = true;
+ saslPasswdPath = config.age.secrets.sasl-passwd.path;
+ };
+ };
+ };
+
+ services.tailscale.enable = true;
+
+ networking = {
+ hostId = "4bd17751";
+ hostName = "vno1-rp3b";
+ domain = "servers.jakst";
+ defaultGateway = "192.168.189.4";
+ nameservers = ["192.168.189.4"];
+ interfaces.enp3s0.ipv4.addresses = [
+ {
+ address = "192.168.189.5";
+ prefixLength = 24;
+ }
+ ];
+ firewall = {
+ allowedUDPPorts = [];
+ allowedTCPPorts = [];
+ logRefusedConnections = false;
+ checkReversePath = "loose"; # for tailscale
+ };
+ };
+
+ powerManagement.cpuFreqGovernor = "ondemand";
+
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+}
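Review bot: `interfaces.enp3s0.ipv4.addresses` pins `192.168.189.5` to a PCI-style interface name, but a Raspberry Pi 3B (which the hostname and the extlinux/usbhid settings suggest) has no PCI bus and its onboard Ethernet normally appears as `eth0` or a USB-derived `enu…` name; if the name does not match, the static address and gateway are silently never applied and the box keeps whatever DHCP hands it, which may be why the deploy node in flake.nix points at `192.168.189.66`. Please confirm the interface name on the device before relying on the static address. The root filesystem UUID `44444444-4444-4444-8888-888888888888` reads like a hand-chosen value; if it was set deliberately when the filesystem was created, a one-line comment saying so would stop the next reader from treating it as a placeholder. Lastly, `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` (and `hostId`, which ZFS requires) are ZFS-motivated while the only filesystem declared is ext4; a comment such as `# kernel pinned to the latest ZFS-compatible release for planned ZFS pools`, or dropping the pin, would make the intent explicit.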
diff --git a/modules/base/default.nix b/modules/base/default.nix
index b14cd8d..01c86dc 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -131,7 +131,9 @@
 
 programs = {
 mtr.enable = true;
- sysdig.enable = true;
+
+ sysdig.enable = pkgs.stdenv.hostPlatform.system == "x86_64-linux";
+
 neovim = {
 enable = true;
 defaultEditor = true;
diff --git a/modules/base/unitstatus/default.nix b/modules/base/unitstatus/default.nix
index 1001eec..c672b59 100644
--- a/modules/base/unitstatus/default.nix
+++ b/modules/base/unitstatus/default.nix
@@ -9,7 +9,10 @@
 options.mj.base.unitstatus = with lib.types; {
 enable = lib.mkEnableOption "alert by email on unit failure";
 email = lib.mkOption {type = str;};
- units = lib.mkOption {type = listOf str;};
+ units = lib.mkOption {
+ type = listOf str;
+ default = [];
+ };
 };
 
 config = lib.mkIf config.mj.base.unitstatus.enable {
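Review bot: `sysdig.enable = pkgs.stdenv.hostPlatform.system == "x86_64-linux";` records the workaround but not the reason, and the two blank lines around it make it read like an afterthought; a comment above the line, e.g. `# sysdig is only enabled on x86_64; it does not build for the aarch64 host` (adjusted to the actual failure), would spare the next reader a rebuild to find out. Nixpkgs also exposes the predicate directly, so `sysdig.enable = pkgs.stdenv.hostPlatform.isx86_64;` says the same thing without a string comparison. The `programs = {` attrset closes outside the hunk.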
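Review bot: `default = [];` makes `mj.base.unitstatus.units` optional, which the new vno1-rp3b host relies on (it enables the module with only `email`), but neither this option nor `email` documents what the list means or what an empty list does; adding something like `description = "Systemd units whose failure triggers the alert e-mail.";` inside the `lib.mkOption` would make the empty-default behaviour reviewable. If an empty list means no unit is watched, the module silently alerts on nothing for that host, which is worth stating in the description. The `config = lib.mkIf …` block continues outside the hunk.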