From 564178ff2491b3e593aaf73074fab7530b261c5a Mon Sep 17 00:00:00 2001 From: Crony Akatsuki Date: Sun, 4 May 2025 02:59:20 +0200 Subject: [PATCH] feat(heimdall): add basic setup for a server. --- flake.lock | 21 ++++++++ flake.nix | 81 +++++++++++++++++++---------- hosts/heimdall/configuration.nix | 24 +++++++++ hosts/heimdall/disk-config.nix | 54 +++++++++++++++++++ modules/servers/general/default.nix | 5 ++ modules/servers/general/openssh.nix | 23 ++++++++ 6 files changed, 180 insertions(+), 28 deletions(-) create mode 100644 hosts/heimdall/configuration.nix create mode 100644 hosts/heimdall/disk-config.nix create mode 100644 modules/servers/general/default.nix create mode 100644 modules/servers/general/openssh.nix diff --git a/flake.lock b/flake.lock index 46af8df..a668715 100644 --- a/flake.lock +++ b/flake.lock @@ -105,6 +105,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745812220, + "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", + "owner": "nix-community", + "repo": "disko", + "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -1058,6 +1078,7 @@ "inputs": { "auto-cpufreq": "auto-cpufreq", "deploy-rs": "deploy-rs", + "disko": "disko", "git-hooks": "git-hooks", "home-manager": "home-manager", "iamb": "iamb", diff --git a/flake.nix b/flake.nix index bf7e149..efedf1d 100644 --- a/flake.nix +++ b/flake.nix @@ -64,6 +64,12 @@ # Deploy-rs deploy-rs.url = "github:serokell/deploy-rs"; + + # Disko + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -74,6 +80,7 @@ git-hooks, nix-on-droid, deploy-rs, + disko, ... } @ inputs: { deploy.nodes = { 
@@ -87,6 +94,14 @@
 magicRollback = false;
 };
 };
+ heimdall = {
+ hostname = "heimdall";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall;
+ };
+ };
 };
 homeConfigurations = {
 "ivek" = home-manager.lib.homeManagerConfiguration {
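Review bot: The new `heimdall` node deploys as root end to end (`sshUser = "root"; user = "root";`), which makes the root account the one SSH principal the server has to keep exposed. deploy-rs can connect as an unprivileged `sshUser` and elevate to `user = "root"` for the activation step, so a dedicated deploy account with sudo rights for that step would let the server's openssh module drop root from `AllowUsers` later; if root-only access is deliberate, a one-line comment on the node saying so saves the next reader the question. Unlike the node above, which sets `magicRollback = false;`, heimdall keeps the deploy-rs default, which is also worth a comment if intentional.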
@@ -127,34 +142,44 @@
 ];
 };
 };
- nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
- specialArgs = {inherit inputs;};
- modules = [
- # Get the system config
- ./hosts/nixos/configuration.nix
- # Enable stylix
- inputs.stylix.nixosModules.stylix
- # Load updated auto-cpufreq
- auto-cpufreq.nixosModules.default
- # Load my modules
- ./modules/linux/nixos
- # Still no specific modules here
- # ./modules/cross-platform/nixos
- # Setup home manager for my user
- home-manager.nixosModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.extraSpecialArgs = {inherit inputs;};
- home-manager.backupFileExtension = "backup";
- home-manager.users.crony = {
- imports = [
- ./hosts/nixos/home.nix
- ./modules/linux/home-manager
- ./modules/cross-platform/home-manager
- ];
- };
- }
- ];
+ nixosConfigurations = {
+ heimdall = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./hosts/heimdall/configuration.nix
+ ./modules/servers/general
+ ];
+ };
+ nixos = nixpkgs.lib.nixosSystem {
+ specialArgs = {inherit inputs;};
+ modules = [
+ # Get the system config
+ ./hosts/nixos/configuration.nix
+ # Enable stylix
+ inputs.stylix.nixosModules.stylix
+ # Load updated auto-cpufreq
+ auto-cpufreq.nixosModules.default
+ # Load my modules
+ ./modules/linux/nixos
+ # Still no specific modules here
+ # ./modules/cross-platform/nixos
+ # Setup home manager for my user
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.extraSpecialArgs = {inherit inputs;};
+ home-manager.backupFileExtension = "backup";
+ home-manager.users.crony = {
+ imports = [
+ ./hosts/nixos/home.nix
+ ./modules/linux/home-manager
+ ./modules/cross-platform/home-manager
+ ];
+ };
+ }
+ ];
+ };
 };
 devShells = {
 x86_64-linux.default = let
diff --git a/hosts/heimdall/configuration.nix b/hosts/heimdall/configuration.nix
new file mode 100644
index 0000000..8aab40d
--- /dev/null
+++ b/hosts/heimdall/configuration.nix
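Review bot: Wrapping the existing `nixos` configuration into the new `nixosConfigurations = { … }` attrset re-indents roughly thirty unchanged lines, so the actual change, the nine-line `heimdall` entry, is hard to pick out of the hunk. Writing the new host as `nixosConfigurations.heimdall = nixpkgs.lib.nixosSystem { … };` next to the existing `nixosConfigurations.nixos = …` would have kept the diff to the added lines; if the grouping is wanted, landing the move and the addition as two commits keeps each reviewable. Note also that `heimdall` passes no `specialArgs`, so unlike `nixos` its modules cannot reach the flake `inputs`; that is fine for the three modules listed, but a short comment would stop someone from wondering why the two hosts differ.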
@@ -0,0 +1,24 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/heimdall/disk-config.nix b/hosts/heimdall/disk-config.nix
new file mode 100644
index 0000000..8f36ed4
--- /dev/null
+++ b/hosts/heimdall/disk-config.nix
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/servers/general/default.nix b/modules/servers/general/default.nix
new file mode 100644
index 0000000..4213785
--- /dev/null
+++ b/modules/servers/general/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+ imports = [
+ ./openssh.nix
+ ];
+}
diff --git a/modules/servers/general/openssh.nix b/modules/servers/general/openssh.nix
new file mode 100644
index 0000000..19db87d
--- /dev/null
+++ b/modules/servers/general/openssh.nix
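Review bot: `hosts/heimdall/configuration.nix` never sets `networking.hostName`, so the machine boots with the NixOS default hostname rather than the `heimdall` name the deploy node and the flake output use; add `networking.hostName = "heimdall";` next to `system.stateVersion`. The file also carries no comment saying what the host is; a one-line header such as `# heimdall: x86_64 QEMU guest, partitioned by disko (see ./disk-config.nix)` is enough, since the `qemu-guest.nix` and `disk-config.nix` imports are currently the only hints. The grub block sets no `boot.loader.grub.device`, presumably leaving it to disko to derive from the EF02 `boot` partition in disk-config.nix; a short comment to that effect would keep someone from adding a conflicting device later.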
@@ -0,0 +1,23 @@
+{...}: {
+ services.openssh = {
+ enable = true;
+ settings = {
+ AllowUsers = ["root"];
+ X11Forwarding = false;
+ PasswordAuthentication = false;
+ };
+ extraConfig = ''
+ PubkeyAuthentication yes
+ PermitEmptyPasswords no
+
+ AddressFamily inet
+ MaxAuthTries 3
+ '';
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+ ];
+
+ services.fail2ban.enable = true;
+}
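Review bot: Root is the only account in `AllowUsers`, yet `PermitRootLogin` is left to the module default, so key-only root access depends on an implicit default instead of on this file; set `PermitRootLogin = "prohibit-password";` in `settings`, where `PasswordAuthentication = false;` already lives, so the policy is stated in one place. The four directives in `extraConfig` are ordinary sshd_config keys and can move into the structured `settings` attrset as well, which keeps a single source of truth and lets the module render the booleans and the integer for you. `services.fail2ban.enable = true;` comes with no jail configuration here; if the sshd jail is expected to be active through the NixOS module's defaults, a comment saying so makes that dependency visible.
```nix
    settings = {
      AllowUsers = ["root"];
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      PubkeyAuthentication = true;
      PermitEmptyPasswords = false;
      X11Forwarding = false;
      AddressFamily = "inet";
      MaxAuthTries = 3;
    };
    # … unchanged: authorizedKeys and fail2ban …
```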