authorene <ene@sils.li>2023-02-08 17:33:02 +0100
committerene <ene@sils.li>2023-02-08 17:33:02 +0100
commitc50431b189e982a631d2d4864b304f33169bacdb (patch)
tree164c350e503c7dfda585ed505536b08882e00323 /system
parentMerge pull request 'Imported the headless profile' (#13) from server1_headles... (diff)
parentMerge branch 'server1_minecraft2' into server1 (diff)
Merge pull request 'Merge to server1' (#16) from server1_develop into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
Diffstat (limited to 'system')
-rw-r--r--system/default.nix8
-rw-r--r--system/system/fileSystemLayouts.nix45
-rw-r--r--system/system/hardware.nix9
-rw-r--r--system/system/packages.nix9
-rw-r--r--system/system/users.nix59
5 files changed, 130 insertions, 0 deletions
diff --git a/system/default.nix b/system/default.nix
new file mode 100644
index 0000000..2af4982
--- /dev/null
+++ b/system/default.nix
@@ -0,0 +1,8 @@
+{config, ...}: {
+  imports = [
+    ./system/fileSystemLayouts.nix
+    ./system/hardware.nix
+    ./system/packages.nix
+    ./system/users.nix
+  ];
+}
diff --git a/system/system/fileSystemLayouts.nix b/system/system/fileSystemLayouts.nix
new file mode 100644
index 0000000..9d03a05
--- /dev/null
+++ b/system/system/fileSystemLayouts.nix
@@ -0,0 +1,45 @@
+{
+  modulesPath,
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.system.fileSystemLayouts;
+in {
+  options.system.fileSystemLayouts = {
+    mainDisk = mkOption {
+      type = lib.types.path;
+      example = literalExpression "/dev/disk/by-uuid/0442cb6d-f13a-4635-b487-fa76189774c5";
+      description = lib.mdDoc "Path to the main disk";
+    };
+  };
+  config = {
+    fileSystems = {
+      "/" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = ["defaults" "size=2G" "mode=755"];
+      };
+      "/nix" = {
+        device = cfg.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=nix" "compress-force=zstd"];
+      };
+      "/srv" = {
+        device = cfg.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=storage" "compress-force=zstd"];
+      };
+      "/boot" = {
+        device = cfg.mainDisk;
+        options = ["subvol=boot" "compress-force=zstd"];
+      };
+
+      "/etc/nixos" = {
+        device = "/srv/nix-config";
+        options = ["bind"];
+      };
+    };
+  };
+}
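Review bot: The `/srv` entry mounts with only `subvol=storage` and `compress-force=zstd`, yet users.nix in this same commit places every home directory under `/srv/home`, so user-writable storage is mounted without `nosuid` or `nodev`. If nothing under `/srv` needs setuid binaries or device nodes, consider `options = ["subvol=storage" "compress-force=zstd" "nosuid" "nodev"];`. Separately, the `/boot` entry omits the `fsType = "btrfs";` that `/nix` and `/srv` set explicitly, and `modulesPath` is taken as an argument but never used in this file.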
diff --git a/system/system/hardware.nix b/system/system/hardware.nix
new file mode 100644
index 0000000..c4c7dc9
--- /dev/null
+++ b/system/system/hardware.nix
@@ -0,0 +1,9 @@
+{modulesPath, ...}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    (modulesPath + "/profiles/headless.nix")
+  ];
+  boot.loader.grub.device = "/dev/vda";
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
+  boot.initrd.kernelModules = ["nvme" "btrfs"];
+}
diff --git a/system/system/packages.nix b/system/system/packages.nix
new file mode 100644
index 0000000..4d33c6e
--- /dev/null
+++ b/system/system/packages.nix
@@ -0,0 +1,9 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    jre_minimal
+    git
+    zsh
+    neovim
+    btrfs-progs
+  ];
+}
diff --git a/system/system/users.nix b/system/system/users.nix
new file mode 100644
index 0000000..34e1648
--- /dev/null
+++ b/system/system/users.nix
@@ -0,0 +1,59 @@
+{pkgs, ...}: {
+  users.mutableUsers = false;
+  users.defaultUserShell = pkgs.zsh;
+
+  users.users = {
+    root = {
+      #uid = 0;
+      #initialHashedPassword = null; # to lock root
+      # Backup, if something happens. TODO remove this later
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+      ];
+    };
+
+    sils = {
+      name = "sils";
+      isNormalUser = true;
+      home = "/srv/home/sils";
+      initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; # TODO CHANGE
+      uid = 1000;
+      extraGroups = [
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+      ];
+    };
+
+    soispha = {
+      name = "soispha";
+      isNormalUser = true;
+      home = "/srv/home/soispha";
+      initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
+      uid = 1001;
+      extraGroups = [
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+      ];
+    };
+
+    nightingale = {
+      name = "nightingale";
+      isNormalUser = true;
+      home = "/srv/home/nightingale";
+      initialHashedPassword = null; # TODO CHANGE
+      uid = 1002;
+      extraGroups = [
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+      ];
+    };
+  };
+}
+# vim: ts=2
+
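Review bot: The yescrypt hashes in `initialHashedPassword` for `sils` and `soispha` (both in `wheel`) are committed with the configuration, so anyone who can read the repository can run offline guessing against them; values set this way are also typically copied into the world-readable Nix store. Because `users.mutableUsers = false` rebuilds the accounts from this file, the `# TODO CHANGE` cannot be resolved with `passwd` on the host; it needs a config change such as `hashedPasswordFile = "/path/to/secret"; # placeholder path, kept outside the repo` (the option is named `passwordFile` on older NixOS releases). The root `openssh.authorizedKeys.keys` list is marked `TODO remove this later` with nothing tracking it, and whether root can actually log in over SSH depends on sshd settings not visible in this hunk. `nightingale` is in `wheel` with a null password and an empty key list, which presumably leaves the account unable to log in until one is added; a comment saying that this is intentional would help.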