vno1-op5p

2024-03-06 15:41:07 +02:00 · 2024-03-06 15:41:07 +02:00 · f9426cddba
commit f9426cddba
parent 0e32f5a913
4 changed files with 102 additions and 8 deletions
--- a/flake.nix
+++ b/flake.nix
@ -142,6 +142,27 @@
          specialArgs = {inherit myData;} // inputs;
        };

+        vno1-op5p = nixpkgs.lib.nixosSystem {
+          system = "aarch64-linux";
+          modules = [
+            {nixpkgs.overlays = overlays;}
+            ./hosts/vno1-op5p/configuration.nix
+            home-manager.nixosModules.home-manager
+
+            #agenix.nixosModules.default
+            #{
+            #  age.secrets = {
+            #    motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
+            #    root-passwd-hash.file = ./secrets/root_passwd_hash.age;
+
+            #    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+            #  };
+            #}
+          ];
+
+          specialArgs = {inherit myData;} // inputs;
+        };
+
        vno1-oh2 = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
--- a/hosts/op5p/configuration.nix
+++ b/hosts/op5p/configuration.nix
@ -22,6 +22,14 @@

  boot.supportedFilesystems = ["bcachefs"];

+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+      options = ["noatime"];
+    };
+  };
+
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
--- a/hosts/vno1-op5p/configuration.nix
+++ b/hosts/vno1-op5p/configuration.nix
@ -0,0 +1,73 @@
+_: let
+  nvme = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-256G-1001_19494D801165";
+in {
+  imports = [
+    ../../modules
+    ../../shared/platform/orangepi5plus.nix
+  ];
+
+  boot = {
+    supportedFilesystems = ["bcachefs"];
+    initrd = {
+      kernelModules = ["usb_storage"];
+      luks.devices = {
+        luksroot = {
+          device = "${nvme}-part3";
+          allowDiscards = true;
+          keyFileOffset = 554;
+          keyFileSize = 12;
+          keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_1EA30F29-0:0";
+        };
+      };
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "${nvme}-part2";
+      randomEncryption.enable = true;
+    }
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/luksroot";
+      fsType = "bcachefs";
+    };
+    "/boot" = {
+      device = "${nvme}-part1";
+      fsType = "ext4";
+    };
+  };
+
+  mj = {
+    stateVersion = "23.11";
+    timeZone = "Europe/Vilnius";
+    username = "motiejus";
+
+    base.users = {
+      enable = true;
+      #root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
+      #user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      user.initialPassword = "live";
+      root.initialPassword = "live";
+    };
+
+    services = {
+      node_exporter.enable = true;
+    };
+
+    #postfix = {
+    #  enable = true;
+    #  saslPasswdPath = config.age.secrets.sasl-passwd.path;
+    #};
+  };
+
+  services.pcscd.enable = true;
+
+  networking = {
+    hostName = "vno1-op5p";
+    domain = "jakstys.lt";
+    firewall.allowedTCPPorts = [22];
+  };
+}
--- a/shared/platform/orangepi5plus.nix
+++ b/shared/platform/orangepi5plus.nix
@ -37,14 +37,6 @@ in {

  hardware.deviceTree.name = "rockchip/rk3588-orangepi-5-plus.dtb";

-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-label/nixos";
-      fsType = "ext4";
-      options = ["noatime"];
-    };
-  };
-
  system.build = {
    sdImage = import "${modulesPath}/../lib/make-disk-image.nix" {
      name = "orangepi5-sd-image";