initial(ish) commit

2022-03-01 23:53:11 +01:00 · 2022-03-01 23:53:11 +01:00 · b744693f0e
commit b744693f0e
88 changed files with 4925 additions and 0 deletions
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -0,0 +1,63 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.systemd-boot.enable = false;
+
+  services.syncthing.enable = true;
+
+
+  networking.interfaces."ens3" = {
+    ipv6 = {
+      addresses = [
+        {
+          address = "2a03:4000:54:a98::1";
+          prefixLength = 64;
+        }
+      ];
+    };
+  };
+  networking.defaultGateway6 = { address = "fe80::1"; interface = "enp0s3"; };
+  networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
+  # networking.interfaces.eno1.useDHCP = true;
+  networking.hostId = "7c21236a";
+
+  # Immutable users due to tmpfs
+  users.mutableUsers = false;
+
+  services.postgresql.package = pkgs.postgresql_13;
+
+  ragon = {
+    cli.enable = true;
+    user.enable = true;
+    home-manager.enable = true;
+    persist.enable = true;
+    persist.extraDirectories = [ "/var/lib/syncthing" ];
+
+    services = {
+      ssh.enable = true;
+      bitwarden.enable = true;
+      gitlab.enable = true; # TODO gitlab-runner
+      synapse.enable = true;
+      tailscale.enable = true;
+      hedgedoc.enable = true;
+      ts3.enable = true;
+      nginx.enable = true;
+      nginx.domain = "ragon.xyz";
+    };
+
+  };
+
+}
--- a/hosts/picard/hardware-configuration.nix
+++ b/hosts/picard/hardware-configuration.nix
@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+  boot.zfs.requestEncryptionCredentials = true;
+  ragon.system.fs.enable = true;
+  ragon.system.fs.nix = "rpool/nix";
+  ragon.system.fs.varlog = "rpool/varlog";
+  ragon.system.fs.persistent = "rpool/persist";
+  ragon.system.fs.swap = false;
+  ragon.system.fs.mediadata = false;
+  swapDevices = [
+    { device = "/dev/sda2"; randomEncryption.enable = true; }
+  ];
+  services.syncoid.enable = false; # disable failing zfs syncing
+  boot.initrd = {
+    network = {
+      enable = true;
+      postCommands = ''
+        zpool import rpool
+        echo "zfs load-key -a; killall zfs" >> /root/.profile
+      '';
+      ssh = {
+        enable = true;
+        port = 2222;
+        hostKeys = [
+          "/persistent/etc/nixos/secrets/initrd/ssh_host_rsa_key"
+          "/persistent/etc/nixos/secrets/initrd/ssh_host_ed25519_key"
+        ];
+        authorizedKeys = pkgs.pubkeys.ragon.user;
+
+      };
+
+    };
+
+  };
+
+  powerManagement.cpuFreqGovernor = "performance";
+}