From b78e105641cf72a31f844b1a2358adace3c08722 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Tue, 1 Jul 2025 16:52:05 +0000
Subject: [PATCH] beginnings of fra1-c
---
 flake.nix | 27 +++++++
 hosts/fra1-c/configuration.nix | 141 +++++++++++++++++++++++++++++++++
 2 files changed, 168 insertions(+)
 create mode 100644 hosts/fra1-c/configuration.nix
diff --git a/flake.nix b/flake.nix
index 198f7fc..1ea6c9f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -212,6 +212,21 @@
 } // inputs;
 };
+ fra1-c = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ { nixpkgs.overlays = overlays; }
+ agenix.nixosModules.default
+ home-manager.nixosModules.home-manager
+ ./hosts/fra1-c/configuration.nix
+ ./modules
+ ];
+
+ specialArgs = {
+ inherit myData;
+ } // inputs;
+ };
+
 };
 deploy.nodes = {
@@ -269,6 +284,18 @@
 };
 };
 };
+
+ #fra1-c = {
+ # hostname = "fra1-c.jakst.vpn";
+ # profiles = {
+ # system = {
+ # sshUser = "motiejus";
+ # path = self.nixosConfigurations.fra1-c.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.fra1-c;
+ # user = "root";
+ # };
+ # };
+ #};
+
 };
 checks = builtins.mapAttrs (
 system: deployLib:
diff --git a/hosts/fra1-c/configuration.nix b/hosts/fra1-c/configuration.nix
new file mode 100644
index 0000000..42bd14f
--- /dev/null
+++ b/hosts/fra1-c/configuration.nix
@@ -0,0 +1,141 @@
+{
+ config,
+ myData,
+ modulesPath,
+ ...
+}:
+let
+ disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_50294864";
+in
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ age.secrets = {
+ motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
+ root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
+ sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
+ ssh8022-server = {
+ file = ../../secrets/ssh8022.age;
+ owner = "spiped";
+ path = "/var/lib/spiped/ssh8022.key";
+ };
+ };
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ initrd = {
+ kernelModules = [ "usb_storage" ];
+ availableKernelModules = [
+ "xhci_pci"
+ "virtio_scsi"
+ "sr_mod"
+ ];
+ };
+ };
+
+ fileSystems = {
+ "/boot" = {
+ device = "${disk}-part1";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+ "/" = {
+ device = "${disk}-part3";
+ fsType = "btrfs";
+ options = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+
+ swapDevices = [ { device = "${disk}-part2"; } ];
+
+ mj = {
+ stateVersion = "24.05";
+ timeZone = "UTC";
+ username = "motiejus";
+
+ base = {
+ users = {
+ enable = true;
+ root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+ user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+ };
+
+ unitstatus = {
+ enable = true;
+ email = "motiejus+alerts@jakstys.lt";
+ };
+
+ };
+
+ services = {
+ node_exporter.enable = true;
+ ping_exporter.enable = true;
+ tailscale.enable = true;
+
+ ssh8022.server = {
+ enable = true;
+ keyfile = config.age.secrets.ssh8022-server.path;
+ openGlobalFirewall = false;
+ };
+
+ postfix = {
+ enable = true;
+ saslPasswdPath = config.age.secrets.sasl-passwd.path;
+ };
+
+ deployerbot = {
+ follower = {
+ publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
+
+ enable = true;
+ sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
+ uidgid = myData.uidgid.updaterbot-deployee;
+ };
+ };
+
+ };
+ };
+
+ services = {
+ nsd = {
+ enable = true;
+ interfaces = [
+ "0.0.0.0"
+ "::"
+ ];
+ zones = {
+ "jakstys.lt.".data = myData.jakstysLTZone;
+ };
+ };
+ };
+
+ powerManagement.cpuFreqGovernor = "performance";
+
+ networking = {
+ hostName = "fra1-c";
+ domain = "jakst.vpn";
+ useDHCP = true;
+ #interfaces.enp1s0.ipv6.addresses = [
+ # {
+ # address = "2a01:4f8:c012:1ba::";
+ # prefixLength = 64;
+ # }
+ #];
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "enp1s0";
+ };
+ firewall = {
+ allowedUDPPorts = [ 53 ];
+ allowedTCPPorts = [ 53 ];
+ };
+ };
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
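Review bot: The `/boot` mount options `"fmask=0022"` and `"dmask=0022"` leave the whole ESP world-readable, including the random seed file that systemd-boot keeps under `loader/`, which bootctl reports as a security hole; `"fmask=0077"` and `"dmask=0077"` restrict the partition to root. Separately, `services.nsd` binds `0.0.0.0` and `::` while `networking.firewall` opens port 53 on UDP and TCP for all interfaces, so this host looks intended to be a publicly reachable authoritative server. For that role, `services.nsd.ratelimit.enable = true;` turns on response rate limiting and makes the server less useful as a reflection amplifier. Also worth confirming: `defaultGateway6` names `enp1s0` while the static IPv6 address block is still commented out, so the `::` listener may not be reachable over IPv6 until that is filled in.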