feat(heimdall): add basic setup for a server.

CronyAkatsuki 2025-05-04 02:59:20 +02:00
parent e58406b13a
commit 564178ff24
6 changed files with 180 additions and 28 deletions

21
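--- a/flake.lock
+++ b/flake.lock
@@ -105,6 +105,26 @@
 "type": "github"
 }
 },
+"disko": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1745812220,
+"narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
+"owner": "nix-community",
+"repo": "disko",
+"rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "disko",
+"type": "github"
+}
+},
 "firefox-gnome-theme": {
 "flake": false,
 "locked": {
@@ -1058,6 +1078,7 @@
 "inputs": {
 "auto-cpufreq": "auto-cpufreq",
 "deploy-rs": "deploy-rs",
+"disko": "disko",
 "git-hooks": "git-hooks",
 "home-manager": "home-manager",
 "iamb": "iamb",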


@ -64,6 +64,12 @@
# Deploy-rs # Deploy-rs
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
# Disko
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -74,6 +80,7 @@
git-hooks, git-hooks,
nix-on-droid, nix-on-droid,
deploy-rs, deploy-rs,
disko,
... ...
} @ inputs: { } @ inputs: {
deploy.nodes = { deploy.nodes = {
@ -87,6 +94,14 @@
magicRollback = false; magicRollback = false;
}; };
}; };
heimdall = {
hostname = "heimdall";
profiles.system = {
sshUser = "root";
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall;
};
};
}; };
homeConfigurations = { homeConfigurations = {
"ivek" = home-manager.lib.homeManagerConfiguration { "ivek" = home-manager.lib.homeManagerConfiguration {
@ -127,34 +142,44 @@
]; ];
}; };
}; };
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem { nixosConfigurations = {
specialArgs = {inherit inputs;}; heimdall = nixpkgs.lib.nixosSystem {
modules = [ system = "x86_64-linux";
# Get the system config modules = [
./hosts/nixos/configuration.nix disko.nixosModules.disko
# Enable stylix ./hosts/heimdall/configuration.nix
inputs.stylix.nixosModules.stylix ./modules/servers/general
# Load updated auto-cpufreq ];
auto-cpufreq.nixosModules.default };
# Load my modules nixos = nixpkgs.lib.nixosSystem {
./modules/linux/nixos specialArgs = {inherit inputs;};
# Still no specific modules here modules = [
# ./modules/cross-platform/nixos # Get the system config
# Setup home manager for my user ./hosts/nixos/configuration.nix
home-manager.nixosModules.home-manager # Enable stylix
{ inputs.stylix.nixosModules.stylix
home-manager.useGlobalPkgs = true; # Load updated auto-cpufreq
home-manager.extraSpecialArgs = {inherit inputs;}; auto-cpufreq.nixosModules.default
home-manager.backupFileExtension = "backup"; # Load my modules
home-manager.users.crony = { ./modules/linux/nixos
imports = [ # Still no specific modules here
./hosts/nixos/home.nix # ./modules/cross-platform/nixos
./modules/linux/home-manager # Setup home manager for my user
./modules/cross-platform/home-manager home-manager.nixosModules.home-manager
]; {
}; home-manager.useGlobalPkgs = true;
} home-manager.extraSpecialArgs = {inherit inputs;};
]; home-manager.backupFileExtension = "backup";
home-manager.users.crony = {
imports = [
./hosts/nixos/home.nix
./modules/linux/home-manager
./modules/cross-platform/home-manager
];
};
}
];
};
}; };
devShells = { devShells = {
x86_64-linux.default = let x86_64-linux.default = let
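Review bot: The new `heimdall` deploy node sets `sshUser = "root"`, so the key used for deployment is a direct root login on the server, and the SSH module added in this commit has to keep root in `AllowUsers` for deploys to work. deploy-rs can connect as an unprivileged account and activate as root through sudo; with a dedicated account this would read `sshUser = "deploy"; user = "root";` (the account name is a placeholder), plus a matching sudo rule and `AllowUsers` entry on the host. The node just above disables `magicRollback` while this one leaves it at its default; if that is deliberate, a one-line comment such as `# magicRollback left on: reverts if the deploy breaks SSH` would record why the two nodes differ.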


@ -0,0 +1,24 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.neovim
pkgs.gitMinimal
];
system.stateVersion = "24.05";
}
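Review bot: None of the modules listed for the `heimdall` system sets `networking.hostName`, so unless it is defined in a file not shown here the machine comes up with the NixOS default name while deploy-rs addresses it as `heimdall`. Adding `networking.hostName = "heimdall";` next to `system.stateVersion` keeps the host's own name, and therefore its logs, in line with the deploy target. The firewall is also left at module defaults; an explicit `networking.firewall.enable = true;` would document which ports are meant to be reachable on this server.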


@ -0,0 +1,54 @@
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}
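Review bot: `device = lib.mkDefault "/dev/sda"` names the disk by enumeration order, and disko partitions and formats whatever that path resolves to at install time. A persistent path such as `device = lib.mkDefault "/dev/disk/by-id/<DISK_ID>";` (placeholder value) avoids wiping the wrong disk if a second device is ever attached. The ESP is mounted at `/boot` with default vfat options, which leaves its contents world-readable; `mountOptions = ["umask=0077"];` in the `esp` content block restricts it to root. The root volume is a plain LVM PV with no LUKS layer, which may be intended for an unattended VM but is worth stating in a comment.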


@ -0,0 +1,5 @@
{...}: {
imports = [
./openssh.nix
];
}


@ -0,0 +1,23 @@
{...}: {
services.openssh = {
enable = true;
settings = {
AllowUsers = ["root"];
X11Forwarding = false;
PasswordAuthentication = false;
};
extraConfig = ''
PubkeyAuthentication yes
PermitEmptyPasswords no
AddressFamily inet
MaxAuthTries 3
'';
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
];
services.fail2ban.enable = true;
}
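Review bot: The `settings` block turns off `PasswordAuthentication` but leaves `KbdInteractiveAuthentication` and `PermitRootLogin` at the module defaults, so key-only root access depends on those defaults rather than on anything this file states. Since root is the only account in `AllowUsers`, I would add `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "prohibit-password";` to `settings`. `PubkeyAuthentication yes` and `PermitEmptyPasswords no` in `extraConfig` restate sshd defaults and could be dropped or moved into `settings` so the policy lives in one place. With password logins disabled, `services.fail2ban.enable = true` mostly limits log noise from scanners; a short comment saying so would set expectations for the next reader.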