From 5e54dfded8ffe6ff9117109da64e2e3acfb4bc7c Mon Sep 17 00:00:00 2001
From: Amneesh Singh
Date: Sun, 20 Oct 2024 15:59:58 +0530
Subject: [PATCH] hosts/suwako: init

Signed-off-by: Amneesh Singh
---
 conf/network.nix | 1 +
 home/README | 1 +
 home/default.nix | 12 ++++++++++++
 hosts/README.org | 1 +
 hosts/default.nix | 10 ++++++++++
 hosts/suwako/boot.nix | 14 ++++++++++++++
 hosts/suwako/default.nix | 23 +++++++++++++++++++++++
 hosts/suwako/hardware.nix | 22 ++++++++++++++++++++++
 hosts/suwako/networking.nix | 35 +++++++++++++++++++++++++++++++++++
 hosts/suwako/services.nix | 24 ++++++++++++++++++++++++
 10 files changed, 143 insertions(+)
 create mode 100644 hosts/suwako/boot.nix
 create mode 100644 hosts/suwako/default.nix
 create mode 100644 hosts/suwako/hardware.nix
 create mode 100644 hosts/suwako/networking.nix
 create mode 100644 hosts/suwako/services.nix

diff --git a/conf/network.nix b/conf/network.nix
index bd768e1..f71c234 100644
--- a/conf/network.nix
+++ b/conf/network.nix
@@ -10,6 +10,7 @@
 satori = "${ipPrefix}.3";
 hina = "${ipPrefix}.4";
 okina = "${ipPrefix}.5";
+ suwako = "${ipPrefix}.6";
 };
 };
 domain = {
diff --git a/home/README b/home/README
index b6ef4ce..e5101f3 100644
--- a/home/README
+++ b/home/README
@@ -3,5 +3,6 @@ natto-laptop : default user for satori (laptop - NixOS Unstable)
 bat : default user for remilia (Oracle VM - NixOS Unstable)
 spin : default user for hina (Oracle VM - NixOS Unstable)
 spark : default user for marisa (RPi4 - NixOS Unstable)
+kero : default user for suwako (ARM OracleVM - NixOS Unstable)
 amneesh : default user for nightbug (Workplace PC - Ubuntu 22.04)
diff --git a/home/default.nix b/home/default.nix
index df0a179..15be767 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -81,6 +81,18 @@ in
 pkgs = mkPkgs "x86_64-linux";
 };
+ kero = inputs.home-manager.lib.homeManagerConfiguration {
+ inherit extraSpecialArgs;
+ modules = [{
+ home = {
+ homeDirectory = "/home/kero";
+ username = "kero";
+ stateVersion = "24.05";
+ };
+ }] ++ common;
+ pkgs = mkPkgs "aarch64-linux";
+ };
+
 amneesh = inputs.home-manager.lib.homeManagerConfiguration {
 inherit extraSpecialArgs;
 modules = [
diff --git a/hosts/README.org b/hosts/README.org
index 0588dc0..adde602 100644
--- a/hosts/README.org
+++ b/hosts/README.org
@@ -3,3 +3,4 @@
 + marisa is my Raspberry Pi 4 (B)
 + remilia is my cloud VM
 + hina is another cloud VM I use for ZNC
++ suwako is an ARM cloud VM
diff --git a/hosts/default.nix b/hosts/default.nix
index 9a3da39..bf35728 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -71,5 +71,15 @@ in
 ++ commonModules
 ++ serverModules;
 };
+
+ #Oracle Cloud VM
+ suwako = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ ./suwako
+ ]
+ ++ commonModules
+ ++ serverModules;
+ };
 };
 }
diff --git a/hosts/suwako/boot.nix b/hosts/suwako/boot.nix
new file mode 100644
index 0000000..6f50331
--- /dev/null
+++ b/hosts/suwako/boot.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ boot = {
+ kernel.sysctl."net.ipv4.ip_forward" = 1;
+ initrd.kernelModules = [ "bochs" ];
+ initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
+ kernelModules = [ "kvm-amd" ];
+ kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+}
diff --git a/hosts/suwako/default.nix b/hosts/suwako/default.nix
new file mode 100644
index 0000000..1137199
--- /dev/null
+++ b/hosts/suwako/default.nix
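Review bot: `kernel.sysctl."net.ipv4.ip_forward" = 1;` at the top of the `boot` set in hosts/suwako/boot.nix makes this Internet-facing VM forward IPv4 packets, and nothing visible in the patch needs it: the only wg0 peer in networking.nix is `remilia`, and no forwarding rule is shown. If suwako is not meant to relay traffic, drop the line; if it is, add a comment naming the consumer, e.g. `# forwarding needed for <purpose>`, and make sure forwarded traffic is filtered rather than left to the default policy. Separately, `kernelModules = [ "kvm-amd" ]` and the `"ata_piix"`/`"uhci_hcd"` initrd entries look copied from an x86 host, while hosts/default.nix builds suwako for `aarch64-linux`; they are probably dead entries on this machine and worth removing.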
@@ -0,0 +1,23 @@
+{ config, pkgs, conf, ... }:
+{
+ imports = [
+ ./networking.nix
+ ./hardware.nix
+ ./boot.nix
+ ./services.nix
+ ];
+
+ time.timeZone = "Asia/Kolkata";
+
+ users.users.kero = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ home = "/home/kero";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
+ };
+
+ programs.zsh.enable = true;
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/suwako/hardware.nix b/hosts/suwako/hardware.nix
new file mode 100644
index 0000000..480f3b5
--- /dev/null
+++ b/hosts/suwako/hardware.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 3084;
+ priority = 0;
+ }
+ ];
+}
diff --git a/hosts/suwako/networking.nix b/hosts/suwako/networking.nix
new file mode 100644
index 0000000..af2bcee
--- /dev/null
+++ b/hosts/suwako/networking.nix
@@ -0,0 +1,35 @@
+{ lib, config, conf, pkgs, ... }:
+{
+ networking = {
+ useDHCP = false;
+ hostName = "suwako";
+ firewall =
+ {
+ interfaces = {
+ enp0s6 = {
+ allowedTCPPorts = [ 22 443 80 ];
+ };
+ };
+ };
+ interfaces = {
+ enp0s6 = {
+ useDHCP = true;
+ };
+ };
+
+ wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
+ ips = [ suwako ];
+ listenPort = 17840;
+ privateKeyFile = "/var/secrets/wg.key";
+ peers = [
+ {
+ #Oracle VM1
+ publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
+ allowedIPs = [ remilia ];
+ endpoint = "${conf.network.addresses.domain.natto}:17840";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
diff --git a/hosts/suwako/services.nix b/hosts/suwako/services.nix
new file mode 100644
index 0000000..2f6b1ad
--- /dev/null
+++ b/hosts/suwako/services.nix
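Review bot: The root device string in `fileSystems."/"` of hosts/suwako/hardware.nix ends with a space before the closing quote (`...385ac9c290cf "`); if that space is really in the file and not an artefact of how this patch was rendered, the by-uuid path will not match any device and the root mount can fail at boot. Trim it to `device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf";`. Also, boot.nix enables systemd-boot with `efi.canTouchEfiVariables`, but this file declares no `/boot` (ESP) mount, so it is worth confirming where the bootloader is expected to be installed.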
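Review bot: `listenPort = 17840` on wg0 in hosts/suwako/networking.nix has no matching `allowedUDPPorts` entry under `firewall.interfaces.enp0s6` in this hunk, so the tunnel presumably comes up only because suwako dials `remilia` and `persistentKeepalive = 25` keeps the flow open. That is a sensible least-exposure choice, but it is implicit; a comment such as `# no inbound UDP 17840: this host always initiates to remilia` above `listenPort` would save the next person who adds a peer from guessing. A second comment on `privateKeyFile`, saying that /var/secrets/wg.key is provisioned out of band and must be readable by root only, would document the one secret this host depends on.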
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, conf, ... }:
+let
+ domain = conf.network.addresses.domain.natto;
+in
+{
+ services = {
+ cron.enable = true;
+
+ openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ ports = [ 22 ];
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; })
+ (lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
+ };
+
+ security.pki.certificateFiles = [ ../../cert.pem ];
+}
+
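Review bot: `settings.PermitRootLogin = "yes";` in the `openssh` set allows direct root SSH on a host whose networking.nix opens 22/tcp on the public interface, and this hunk does not turn off password authentication. hosts/suwako/default.nix already gives `kero` wheel membership and key-based login, so root login looks unnecessary: prefer `settings.PermitRootLogin = "no";` together with `settings.PasswordAuthentication = false;`, unless commonModules or serverModules already set these (not visible here). Also, `security.pki.certificateFiles = [ ../../cert.pem ];` adds a certificate to the system-wide trust store; a one-line comment saying which CA it is and why this host must trust it would help later audits.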