crony/nix-conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(heimdall): add basic setup for a server.

Browse Source
This commit is contained in:
CronyAkatsuki 2025-05-04 02:59:20 +02:00
parent e58406b13a
commit 564178ff24
6 changed files with 180 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
flake.lock generated
View File

@ -105,6 +105,26 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745812220,
"narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
@ -1058,6 +1078,7 @@
"inputs": {
"auto-cpufreq": "auto-cpufreq",
"deploy-rs": "deploy-rs",
"disko": "disko",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"iamb": "iamb",

27
flake.nix
View File

@ -64,6 +64,12 @@
# Deploy-rs
deploy-rs.url = "github:serokell/deploy-rs";
# Disko
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@ -74,6 +80,7 @@
git-hooks,
nix-on-droid,
deploy-rs,
disko,
...
} @ inputs: {
deploy.nodes = {
@ -87,6 +94,14 @@
magicRollback = false;
};
};
heimdall = {
hostname = "heimdall";
profiles.system = {
sshUser = "root";
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall;
};
};
};
homeConfigurations = {
"ivek" = home-manager.lib.homeManagerConfiguration {
@ -127,7 +142,16 @@
];
};
};
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
nixosConfigurations = {
heimdall = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./hosts/heimdall/configuration.nix
./modules/servers/general
];
};
nixos = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;};
modules = [
# Get the system config
@ -156,6 +180,7 @@
}
];
};
};
devShells = {
x86_64-linux.default = let
system = "x86_64-linux";

24
hosts/heimdall/configuration.nix Normal file
View File

@ -0,0 +1,24 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.neovim
pkgs.gitMinimal
];
system.stateVersion = "24.05";
}

54
hosts/heimdall/disk-config.nix Normal file
View File

@ -0,0 +1,54 @@
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

5
modules/servers/general/default.nix Normal file
View File

@ -0,0 +1,5 @@
{...}: {
imports = [
./openssh.nix
];
}

23
modules/servers/general/openssh.nix Normal file
View File

@ -0,0 +1,23 @@
{...}: {
services.openssh = {
enable = true;
settings = {
AllowUsers = ["root"];
X11Forwarding = false;
PasswordAuthentication = false;
};
extraConfig = ''
PubkeyAuthentication yes
PermitEmptyPasswords no
AddressFamily inet
MaxAuthTries 3
'';
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
];
services.fail2ban.enable = true;
}