hosts/suwako: init

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2024-10-20 15:59:58 +05:30
parent eac8c77797
commit 5e54dfded8
10 changed files with 143 additions and 0 deletions


@@ -10,6 +10,7 @@
satori = "${ipPrefix}.3"; satori = "${ipPrefix}.3";
hina = "${ipPrefix}.4"; hina = "${ipPrefix}.4";
okina = "${ipPrefix}.5"; okina = "${ipPrefix}.5";
suwako = "${ipPrefix}.6";
}; };
}; };
domain = { domain = {


@@ -3,5 +3,6 @@ natto-laptop : default user for satori (laptop - NixOS Unstable)
bat : default user for remilia (Oracle VM - NixOS Unstable) bat : default user for remilia (Oracle VM - NixOS Unstable)
spin : default user for hina (Oracle VM - NixOS Unstable) spin : default user for hina (Oracle VM - NixOS Unstable)
spark : default user for marisa (RPi4 - NixOS Unstable) spark : default user for marisa (RPi4 - NixOS Unstable)
kero : default user for suwako (ARM OracleVM - NixOS Unstable)
amneesh : default user for nightbug (Workplace PC - Ubuntu 22.04) amneesh : default user for nightbug (Workplace PC - Ubuntu 22.04)


@@ -81,6 +81,18 @@ in
pkgs = mkPkgs "x86_64-linux"; pkgs = mkPkgs "x86_64-linux";
}; };
kero = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [{
home = {
homeDirectory = "/home/kero";
username = "kero";
stateVersion = "24.05";
};
}] ++ common;
pkgs = mkPkgs "aarch64-linux";
};
amneesh = inputs.home-manager.lib.homeManagerConfiguration { amneesh = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs; inherit extraSpecialArgs;
modules = [ modules = [


@@ -3,3 +3,4 @@
+ marisa is my Raspberry Pi 4 (B) + marisa is my Raspberry Pi 4 (B)
+ remilia is my cloud VM + remilia is my cloud VM
+ hina is another cloud VM I use for ZNC + hina is another cloud VM I use for ZNC
+ suwako is an ARM cloud VM


@@ -71,5 +71,15 @@ in
++ commonModules ++ commonModules
++ serverModules; ++ serverModules;
}; };
#Oracle Cloud VM
suwako = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./suwako
]
++ commonModules
++ serverModules;
};
}; };
} }

14
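--- a/hosts/suwako/boot.nix
+++ b/hosts/suwako/boot.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+boot = {
+kernel.sysctl."net.ipv4.ip_forward" = 1;
+initrd.kernelModules = [ "bochs" ];
+initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
+kernelModules = [ "kvm-amd" ];
+kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+};
+}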
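Review bot: `kernel.sysctl."net.ipv4.ip_forward" = 1;` turns this internet-facing VM into a router, while the firewall rules added for this host in the same commit only list input ports on enp0s6 and say nothing about forwarded traffic. If forwarding is needed for the WireGuard peers, state that next to the setting, e.g. `# required to route wg0 traffic for <peer>`, and pair it with explicit forward filtering; otherwise drop the line. Separately, `kernelModules = [ "kvm-amd" ]` and the `ata_piix`/`bochs` entries look carried over from an x86 host and are unlikely to apply to an aarch64 guest, so they are worth trimming.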

23
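--- a/hosts/suwako/default.nix
+++ b/hosts/suwako/default.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, conf, ... }:
+{
+imports = [
+./networking.nix
+./hardware.nix
+./boot.nix
+./services.nix
+];
+time.timeZone = "Asia/Kolkata";
+users.users.kero = {
+isNormalUser = true;
+shell = pkgs.zsh;
+home = "/home/kero";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
+};
+programs.zsh.enable = true;
+system.stateVersion = "24.05";
+}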
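Review bot: `kero` is put in `wheel` and authorised with `conf.network.commonSSHKeys`, so every key in that shared list gets an administrative login on this public VM. The list's contents are defined outside this commit; if it includes keys stored on other servers, a compromise of one of them reaches this host too. Consider a per-host key list, or at least a comment such as `# commonSSHKeys: workstation keys only, never keys stored on servers`. No password or sudo policy for `kero` is visible here, so whether `wheel` can escalate without a password depends on modules outside this file and should be checked.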

22
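--- a/hosts/suwako/hardware.nix
+++ b/hosts/suwako/hardware.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+imports =
+[
+(modulesPath + "/profiles/qemu-guest.nix")
+];
+fileSystems."/" =
+{
+device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
+fsType = "ext4";
+};
+swapDevices = [
+{
+device = "/swapfile";
+size = 3084;
+priority = 0;
+}
+];
+}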
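Review bot: The root `device` string in `fileSystems."/"` has a trailing space before the closing quote, so the path handed to the mount unit would not match the by-uuid symlink. Unless the space is an artefact of how the page was rendered, it should read `device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf";`. A root filesystem that fails to resolve leaves the host unbootable and reachable only through the provider console, so this is worth checking before deploying.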


@@ -0,0 +1,35 @@
{ lib, config, conf, pkgs, ... }:
{
networking = {
useDHCP = false;
hostName = "suwako";
firewall =
{
interfaces = {
enp0s6 = {
allowedTCPPorts = [ 22 443 80 ];
};
};
};
interfaces = {
enp0s6 = {
useDHCP = true;
};
};
wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
ips = [ suwako ];
listenPort = 17840;
privateKeyFile = "/var/secrets/wg.key";
peers = [
{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}
];
};
};
}
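Review bot: Listing 22 under `firewall.interfaces.enp0s6.allowedTCPPorts` probably does not scope SSH to that interface. `services.openssh.openFirewall` defaults to true in NixOS and opens the SSH port on all interfaces, and the services file in this commit does not override it. If SSH should be limited to one interface, set `services.openssh.openFirewall = false;` there and keep the per-interface entry, or move 22 to a `wg0` entry if SSH should only be reachable over WireGuard. Also, `listenPort = 17840` has no matching `allowedUDPPorts` entry, so the tunnel only comes up when this host initiates; a comment such as `# client only: no inbound UDP opened on purpose` would make that intent explicit.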

24
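--- a/hosts/suwako/services.nix
+++ b/hosts/suwako/services.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, conf, ... }:
+let
+domain = conf.network.addresses.domain.natto;
+in
+{
+services = {
+cron.enable = true;
+openssh = {
+enable = true;
+settings.PermitRootLogin = "yes";
+ports = [ 22 ];
+};
+};
+security.acme = {
+acceptTerms = true;
+certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; })
+(lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
+};
+security.pki.certificateFiles = [ ../../cert.pem ];
+}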
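Review bot: `settings.PermitRootLogin = "yes";` allows direct root logins over SSH on a cloud VM whose port 22 is opened to the public interface, and nothing in this file disables password authentication. The host already defines a `wheel` user with key-based access, so root login can be turned off with `settings.PermitRootLogin = "no";` (or `"prohibit-password"` if key-only root access is really needed), together with `settings.PasswordAuthentication = false;`. Also, `security.pki.certificateFiles = [ ../../cert.pem ]` adds a certificate to the system trust store; a comment naming the CA and why this host must trust it would help later audits.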