feat(heimdall): add basic setup for a server.

2025-05-04 02:59:20 +02:00 · 2025-05-04 02:59:20 +02:00 · 564178ff24
commit 564178ff24
parent e58406b13a
6 changed files with 180 additions and 28 deletions
--- a/flake.lock
+++ b/flake.lock
@ -105,6 +105,26 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745812220,
+        "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
@ -1058,6 +1078,7 @@
      "inputs": {
        "auto-cpufreq": "auto-cpufreq",
        "deploy-rs": "deploy-rs",
+        "disko": "disko",
        "git-hooks": "git-hooks",
        "home-manager": "home-manager",
        "iamb": "iamb",
--- a/flake.nix
+++ b/flake.nix
@ -64,6 +64,12 @@

    # Deploy-rs
    deploy-rs.url = "github:serokell/deploy-rs";
+
+    # Disko
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs = {
@ -74,6 +80,7 @@
    git-hooks,
    nix-on-droid,
    deploy-rs,
+    disko,
    ...
  } @ inputs: {
    deploy.nodes = {
@ -87,6 +94,14 @@
          magicRollback = false;
        };
      };
+      heimdall = {
+        hostname = "heimdall";
+        profiles.system = {
+          sshUser = "root";
+          user = "root";
+          path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall;
+        };
+      };
    };
    homeConfigurations = {
      "ivek" = home-manager.lib.homeManagerConfiguration {
@ -127,7 +142,16 @@
        ];
      };
    };
-    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+    nixosConfigurations = {
+      heimdall = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          disko.nixosModules.disko
+          ./hosts/heimdall/configuration.nix
+          ./modules/servers/general
+        ];
+      };
+      nixos = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs;};
        modules = [
          # Get the system config
@ -156,6 +180,7 @@
          }
        ];
      };
+    };
    devShells = {
      x86_64-linux.default = let
        system = "x86_64-linux";
--- a/hosts/heimdall/configuration.nix
+++ b/hosts/heimdall/configuration.nix
@ -0,0 +1,24 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk-config.nix
+  ];
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.neovim
+    pkgs.gitMinimal
+  ];
+
+  system.stateVersion = "24.05";
+}
--- a/hosts/heimdall/disk-config.nix
+++ b/hosts/heimdall/disk-config.nix
@ -0,0 +1,54 @@
+{lib, ...}: {
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/servers/general/default.nix
+++ b/modules/servers/general/default.nix
@ -0,0 +1,5 @@
+{...}: {
+  imports = [
+    ./openssh.nix
+  ];
+}
--- a/modules/servers/general/openssh.nix
+++ b/modules/servers/general/openssh.nix
@ -0,0 +1,23 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      AllowUsers = ["root"];
+      X11Forwarding = false;
+      PasswordAuthentication = false;
+    };
+    extraConfig = ''
+      PubkeyAuthentication yes
+      PermitEmptyPasswords no
+
+      AddressFamily inet
+      MaxAuthTries 3
+    '';
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+  ];
+
+  services.fail2ban.enable = true;
+}