hosts/suwako: init

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2024-10-20 15:59:58 +05:30
parent eac8c77797
commit 5e54dfded8
10 changed files with 143 additions and 0 deletions
--- a/hosts/suwako/boot.nix
+++ b/hosts/suwako/boot.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+  boot = {
+    kernel.sysctl."net.ipv4.ip_forward" = 1;
+    initrd.kernelModules = [ "bochs" ];
+    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
+    kernelModules = [ "kvm-amd" ];
+    kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+}
--- a/hosts/suwako/default.nix
+++ b/hosts/suwako/default.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, conf, ... }:
+{
+  imports = [
+    ./networking.nix
+    ./hardware.nix
+    ./boot.nix
+    ./services.nix
+  ];
+
+  time.timeZone = "Asia/Kolkata";
+
+  users.users.kero = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    home = "/home/kero";
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
+  };
+
+  programs.zsh.enable = true;
+
+  system.stateVersion = "24.05";
+}
--- a/hosts/suwako/hardware.nix
+++ b/hosts/suwako/hardware.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
+      fsType = "ext4";
+    };
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 3084;
+      priority = 0;
+    }
+  ];
+}
--- a/hosts/suwako/networking.nix
+++ b/hosts/suwako/networking.nix
@@ -0,0 +1,35 @@
+{ lib, config, conf, pkgs, ... }:
+{
+  networking = {
+    useDHCP = false;
+    hostName = "suwako";
+    firewall =
+      {
+        interfaces = {
+          enp0s6 = {
+            allowedTCPPorts = [ 22 443 80 ];
+          };
+        };
+      };
+    interfaces = {
+      enp0s6 = {
+        useDHCP = true;
+      };
+    };
+
+    wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
+      ips = [ suwako ];
+      listenPort = 17840;
+      privateKeyFile = "/var/secrets/wg.key";
+      peers = [
+        {
+          #Oracle VM1
+          publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
+          allowedIPs = [ remilia ];
+          endpoint = "${conf.network.addresses.domain.natto}:17840";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+}
--- a/hosts/suwako/services.nix
+++ b/hosts/suwako/services.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, conf, ... }:
+let
+  domain = conf.network.addresses.domain.natto;
+in
+{
+  services = {
+    cron.enable = true;
+
+    openssh = {
+      enable = true;
+      settings.PermitRootLogin = "yes";
+      ports = [ 22 ];
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; })
+      (lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
+  };
+
+  security.pki.certificateFiles = [ ../../cert.pem ];
+}
+