diff --git a/flake.nix b/flake.nix
index 30f98c3..69176f6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -50,17 +50,17 @@
 formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
 nixosConfigurations = {
- # Home desktop
- omega = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
+ # Hetzner VPS
+ alpha = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
 specialArgs = inputs; # pass flake inputs to modules
- modules = [./hosts/omega];
+ modules = [./hosts/alpha];
 };
- # Laptop
- zeta = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
+ # Hetzner VPS
+ delta = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
 specialArgs = inputs; # pass flake inputs to modules
- modules = [./hosts/zeta];
+ modules = [./hosts/delta];
 };
 # Work laptop
 mu = nixpkgs.lib.nixosSystem {
@@ -68,11 +68,11 @@
 specialArgs = inputs; # pass flake inputs to modules
 modules = [./hosts/mu];
 };
- # Hetzner VPS
- alpha = nixpkgs.lib.nixosSystem {
- system = "aarch64-linux";
+ # Home desktop
+ omega = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
 specialArgs = inputs; # pass flake inputs to modules
- modules = [./hosts/alpha];
+ modules = [./hosts/omega];
 };
 # Home Server
 sigma = nixpkgs.lib.nixosSystem {
@@ -86,6 +86,12 @@
 specialArgs = inputs; # pass flake inputs to modules
 modules = [./hosts/tor];
 };
+ # Laptop
+ zeta = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = inputs; # pass flake inputs to modules
+ modules = [./hosts/zeta];
+ };
 };
 };
 }
diff --git a/hosts/delta/default.nix b/hosts/delta/default.nix
new file mode 100644
index 0000000..ebf54d8
--- /dev/null
+++ b/hosts/delta/default.nix
@@ -0,0 +1,36 @@
+{...}: {
+ imports = [
+ ../../overlays
+ ../../modules/base
+ ../../modules/server
+ ./hardware.nix
+ ./network.nix
+ ];
+
+ networking.hostName = "delta";
+
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ initrd.luks.devices.crypted.device = "/dev/disk/by-label/crypted";
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+ # This value determines the Home Manager release that your
+ # configuration is compatible with. This helps avoid breakage
+ # when a new Home Manager release introduces backwards
+ # incompatible changes.
+ # You can update Home Manager without changing this value. See
+ # the Home Manager release notes for a list of state version
+ # changes in each release.
+ home-manager.users.caspervk.home.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/hosts/delta/hardware.nix b/hosts/delta/hardware.nix
new file mode 100644
index 0000000..d3b2dca
--- /dev/null
+++ b/hosts/delta/hardware.nix
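Review bot: In hosts/delta/default.nix, `boot.initrd.luks.devices.crypted.device` makes this remote VPS wait in the initrd for a passphrase on every boot, and the file does not say how that passphrase is supplied. Nothing visible in this commit enables a network or SSH unlock in the initrd, so presumably it is typed on the provider console (`console=tty` in hardware.nix points that way); a comment above the line such as `# unlocked by hand on the provider console after each reboot` would record the procedure. It would also help to note what the encryption is meant to cover, since on a hosted VM it addresses disk reuse and leaked snapshots rather than the host operator.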
@@ -0,0 +1,43 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ # https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
+ boot.initrd.kernelModules = ["dm-snapshot" "virtio_gpu"];
+ boot.kernelParams = ["console=tty"];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ # https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=2G" "mode=755"]; # mode=755 so only root can write to those files
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/BOOT";
+ fsType = "vfat";
+ };
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-label/nix";
+ neededForBoot = true;
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ {
+ device = "/nix/persist/swapfile";
+ size = 4 * 1024; # 4 GiB
+ }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/hosts/delta/network.nix b/hosts/delta/network.nix
new file mode 100644
index 0000000..e3d4baa
--- /dev/null
+++ b/hosts/delta/network.nix
@@ -0,0 +1,23 @@
+{...}: {
+ systemd.network = {
+ # Main interface
+ # https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
+ networks."10-lan" = {
+ name = "enp1s0";
+ address = [
+ "116.203.20.97/32" # TODO
+ "2a01:4f8:c2c:6005::/64" # TODO
+ ];
+ routes = [
+ {routeConfig = {Destination = "172.31.1.1";};}
+ {
+ routeConfig = {
+ Gateway = "172.31.1.1";
+ GatewayOnLink = true;
+ };
+ }
+ {routeConfig = {Gateway = "fe80::1";};}
+ ];
+ };
+ };
+}
diff --git a/modules/base/ssh.nix b/modules/base/ssh.nix
index 8db2fed..281eedd 100644
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
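Review bot: In hosts/delta/hardware.nix, `fileSystems."/nix"` mounts `/dev/disk/by-label/nix`, which does not tie the mount to the `crypted` LUKS mapping opened in default.nix; any block device carrying that filesystem label would satisfy it. If the filesystem sits directly on the mapping, `device = "/dev/mapper/crypted";` pins it to the unlocked container, and if LVM sits in between (the `dm-snapshot` initrd module hints at that) the logical-volume path does the same. The swap file at `/nix/persist/swapfile` inherits whatever this mount provides, so it is only encrypted when `/nix` really is inside the LUKS device. A short comment stating that layout next to the `/nix` entry would make the intent checkable.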
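Review bot: In hosts/delta/network.nix both entries in `address` still carry `# TODO`, so it is not clear whether they are delta's assigned addresses or placeholders taken from another host; the markers should be resolved or replaced with a comment saying where the values come from before this host is deployed. The IPv6 entry `2a01:4f8:c2c:6005::/64` also uses the all-zero interface identifier, which is the subnet-router anycast address rather than a host address. If the prefix is correct, a host address inside it, for example `"2a01:4f8:c2c:6005::1/64"`, is the usual form.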
@@ -18,7 +18,8 @@
 # ssh-keyscan -t ed25519 alpha
 programs.ssh.knownHosts = {
 "alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc";
- "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
+ "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe9RpnO1/QRU81kjtEsWN66xfP5Y/qf5EQZ6wdM/XCT";
+ "delta-old".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
 "lambda".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEd354UBnQi4xhjtJtKs4yVXuOkKY0svk+YHCm/pG46";
 "sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
 "sigma-old".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
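Review bot: The new pinned key for `delta` should be checked against the key read on the host itself, because the comment at the top of the hunk shows keys being gathered with `ssh-keyscan`, which does not authenticate what it fetches. Running `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` on the console and comparing fingerprints is enough, and a one-line comment saying the value was verified that way would document it. Because delta's root is a tmpfs in this commit, the pin only stays valid if the host key is kept on persistent storage, which is presumably handled in a module outside this diff. The `delta-old` entry keeps the previous key trusted under that name, so a comment on when it can be dropped would help; the attribute set continues past the end of the hunk.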