You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
114 lines
3.1 KiB
114 lines
3.1 KiB
/* TOP LEVEL DEVICE CONFIGURATION FOR
|
|
*
|
|
* hyperion (hetzner root server)
|
|
*
|
|
*
|
|
* This file is part of LIBKOOKIE, a collection of nix expressions.
|
|
* LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE
|
|
*/
|
|
|
|
{ lib, config, pkgs, ... } @ args:
|
|
|
|
let klib = (import <modules/harness/lib.nix>) args;
|
|
in
|
|
{
|
|
###################################################################
|
|
# libkookie configuration
|
|
#
|
|
#
|
|
#
|
|
|
|
imports = with klib; [
|
|
# Load base modules required to bootstrap libkookie
|
|
<home-manager/nixos> <modules> <configuration/nix>
|
|
|
|
(loadModule <configuration/base> "default")
|
|
|
|
<configuration/server/acme/hyperion.nix>
|
|
<configuration/server/blog>
|
|
<configuration/server/brook>
|
|
<configuration/server/cgit>
|
|
<configuration/server/docker>
|
|
<configuration/server/gitlab-ci>
|
|
<configuration/server/openssh>
|
|
<configuration/server/prosody>
|
|
<configuration/server/nginx>
|
|
<configuration/server/quassel>
|
|
<configuration/server/tor>
|
|
<configuration/server/wireguard/hyperion.nix>
|
|
];
|
|
|
|
# TODO: build a klib function to patch cfg here
|
|
libkookie.activeUsers = with klib; [
|
|
(patchAttrs (load <configuration/users/spacekookie>) (a: { cfg.home = "/home/spacekookie"; }))
|
|
(load <configuration/users/qyliss>)
|
|
(load <configuration/users/molly>)
|
|
];
|
|
|
|
#
|
|
#
|
|
#
|
|
#
|
|
###################################################################
|
|
|
|
boot.zfs.devNodes = "/dev";
|
|
boot.loader.grub = {
|
|
enable = true;
|
|
copyKernels = true;
|
|
version = 2;
|
|
|
|
efiSupport = false;
|
|
zfsSupport = true;
|
|
device = "/dev/sdb";
|
|
};
|
|
|
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
|
|
boot.kernelModules = [ "kvm-intel" ];
|
|
boot.extraModulePackages = [ ];
|
|
|
|
fileSystems."/" =
|
|
{ device = "tank/nix";
|
|
fsType = "zfs";
|
|
};
|
|
|
|
swapDevices = [ { device = "/dev/zd0"; } ];
|
|
|
|
nix.maxJobs = lib.mkDefault 8;
|
|
|
|
hardware.cpu.intel.updateMicrocode = true;
|
|
|
|
networking = {
|
|
defaultGateway = "95.216.98.1";
|
|
defaultGateway6 = { address = "fe80::1"; interface = "enp0s31f6"; };
|
|
nameservers = [ "1.1.1.1" ];
|
|
interfaces.enp0s31f6 = {
|
|
ipv4.addresses = [ { address = "95.216.98.55"; prefixLength = 26; } ];
|
|
ipv6.addresses = [ { address = "2a01:4f9:2b:1148::"; prefixLength = 64; } ];
|
|
};
|
|
dhcpcd.enable = false; # We have a static IP
|
|
useDHCP = false;
|
|
};
|
|
|
|
networking.hostName = "hyperion"; # Define your hostname.
|
|
networking.hostId = "d83bebd1";
|
|
|
|
networking.nat.enable = true;
|
|
networking.nat.externalInterface = "eth0";
|
|
networking.nat.internalInterfaces = [ "intranet" ];
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
# Tools that are impotant for everybody to have
|
|
environment.systemPackages = with pkgs; [
|
|
curl git htop kakoune links tmux vim wget wireguard
|
|
];
|
|
|
|
programs.zsh.enable = true;
|
|
|
|
services.zfs.autoScrub.enable = true;
|
|
|
|
users.users.spacekookie.hashedPassword = "$6$K9tFZBjAfaeLmzq$cc9yKWw93/f5DmypEg0pJGcPl4FTAMzECtWjFZp4GRDF1hC38zRLUwUgXpxSEiEWp8am3yM/aojZrJdiXpBEk.";
|
|
users.groups.tls = {};
|
|
|
|
system.stateVersion = "19.03"; # Did you read the comment?
|
|
}
|
|
|