diff options
author | ene <ene@sils.li> | 2023-02-08 17:33:02 +0100 |
---|---|---|
committer | ene <ene@sils.li> | 2023-02-08 17:33:02 +0100 |
commit | c50431b189e982a631d2d4864b304f33169bacdb (patch) | |
tree | 164c350e503c7dfda585ed505536b08882e00323 /system | |
parent | Merge pull request 'Imported the headless profile' (#13) from server1_headles... (diff) | |
parent | Merge branch 'server1_minecraft2' into server1 (diff) | |
download | nixos-server-c50431b189e982a631d2d4864b304f33169bacdb.tar.gz nixos-server-c50431b189e982a631d2d4864b304f33169bacdb.zip |
Merge pull request 'Merge to server1' (#16) from server1_develop into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
Diffstat (limited to 'system')
-rw-r--r-- | system/default.nix | 8 | ||||
-rw-r--r-- | system/system/fileSystemLayouts.nix | 45 | ||||
-rw-r--r-- | system/system/hardware.nix | 9 | ||||
-rw-r--r-- | system/system/packages.nix | 9 | ||||
-rw-r--r-- | system/system/users.nix | 59 |
5 files changed, 130 insertions, 0 deletions
diff --git a/system/default.nix b/system/default.nix new file mode 100644 index 0000000..2af4982 --- /dev/null +++ b/system/default.nix @@ -0,0 +1,8 @@ +{config, ...}: { + imports = [ + ./system/fileSystemLayouts.nix + ./system/hardware.nix + ./system/packages.nix + ./system/users.nix + ]; +} diff --git a/system/system/fileSystemLayouts.nix b/system/system/fileSystemLayouts.nix new file mode 100644 index 0000000..9d03a05 --- /dev/null +++ b/system/system/fileSystemLayouts.nix @@ -0,0 +1,45 @@ +{ + modulesPath, + config, + lib, + ... +}: +with lib; let + cfg = config.system.fileSystemLayouts; +in { + options.system.fileSystemLayouts = { + mainDisk = mkOption { + type = lib.types.path; + example = literalExpression "/dev/disk/by-uuid/0442cb6d-f13a-4635-b487-fa76189774c5"; + description = lib.mdDoc "Path to the main disk"; + }; + }; + config = { + fileSystems = { + "/" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["defaults" "size=2G" "mode=755"]; + }; + "/nix" = { + device = cfg.mainDisk; + fsType = "btrfs"; + options = ["subvol=nix" "compress-force=zstd"]; + }; + "/srv" = { + device = cfg.mainDisk; + fsType = "btrfs"; + options = ["subvol=storage" "compress-force=zstd"]; + }; + "/boot" = { + device = cfg.mainDisk; + options = ["subvol=boot" "compress-force=zstd"]; + }; + + "/etc/nixos" = { + device = "/srv/nix-config"; + options = ["bind"]; + }; + }; + }; +} diff --git a/system/system/hardware.nix b/system/system/hardware.nix new file mode 100644 index 0000000..c4c7dc9 --- /dev/null +++ b/system/system/hardware.nix @@ -0,0 +1,9 @@ +{modulesPath, ...}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + (modulesPath + "/profiles/headless.nix") + ]; + boot.loader.grub.device = "/dev/vda"; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; + boot.initrd.kernelModules = ["nvme" "btrfs"]; +} diff --git a/system/system/packages.nix b/system/system/packages.nix new file mode 100644 index 0000000..4d33c6e --- /dev/null +++ b/system/system/packages.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + jre_minimal + git + zsh + neovim + btrfs-progs + ]; +} diff --git a/system/system/users.nix b/system/system/users.nix new file mode 100644 index 0000000..34e1648 --- /dev/null +++ b/system/system/users.nix @@ -0,0 +1,59 @@ +{pkgs, ...}: { + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.users = { + root = { + #uid = 0; + #initialHashedPassword = null; # to lock root + # Backup, if something happens. TODO remove this later + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" + ]; + }; + + sils = { + name = "sils"; + isNormalUser = true; + home = "/srv/home/sils"; + initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; # TODO CHANGE + uid = 1000; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + ]; + }; + + soispha = { + name = "soispha"; + isNormalUser = true; + home = "/srv/home/soispha"; + initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1"; + uid = 1001; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" + ]; + }; + + nightingale = { + name = "nightingale"; + isNormalUser = true; + home = "/srv/home/nightingale"; + initialHashedPassword = null; # TODO CHANGE + uid = 1002; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + ]; + }; + }; +} +# vim: ts=2 + |