/* TOP LEVEL DEVICE CONFIGURATION FOR
 * 
 *    hyperion (hetzner root server)
 *
 *
 * This file is part of LIBKOOKIE, a collection of nix expressions.
 * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE
 */

# NixOS module for the host "hyperion": a function from the module arguments
# to the configuration attribute set that follows.
{ lib, config, pkgs, ... } @ args:

# klib is the libkookie helper library, applied to this module's arguments.
# <modules/harness/lib.nix> is an angle-bracket path, so the file that is
# actually imported is whatever NIX_PATH resolves it to at evaluation time.
# NOTE(review): make sure the deploy environment pins NIX_PATH, otherwise a
# different tree can be picked up without any change to this file.
let klib = (import <modules/harness/lib.nix>) args;
in
{
  ###################################################################
  #                    libkookie configuration
  #
  #
  #

  # Modules merged into this host's configuration. Every angle-bracket path
  # is resolved through NIX_PATH.
  imports = [
    # Base modules required to bootstrap libkookie
    <home-manager/nixos>
    <modules>
    <configuration/nix>

    (klib.loadModule <configuration/base> "default")

    # Per-service modules. Each entry adds a service to this one machine, so
    # this list is the host's service inventory; the hardening of each
    # service lives in the imported module and is not visible in this file.
    # NOTE(review): docker and gitlab-ci share the host with every other
    # service listed here -- confirm in those modules how CI jobs are
    # isolated from the rest of the system.
    <configuration/server/acme/hyperion.nix>
    <configuration/server/blog>
    <configuration/server/brook>
    <configuration/server/cgit>
    <configuration/server/docker>
    <configuration/server/gitlab-ci>
    <configuration/server/openssh>
    <configuration/server/prosody>
    <configuration/server/nginx>
    <configuration/server/quassel>
    <configuration/server/tor>
    <configuration/server/wireguard/hyperion.nix>
  ];

  # User accounts activated on this host. What each account may do (groups,
  # SSH keys, sudo) is defined in the loaded user files, not here -- review
  # those files when auditing who has access to this machine.
  # TODO: build a klib function to patch cfg here
  libkookie.activeUsers = [
    # spacekookie's definition is loaded and then patched so that cfg.home
    # is "/home/spacekookie" on this host.
    (klib.patchAttrs
      (klib.load <configuration/users/spacekookie>)
      (_: { cfg.home = "/home/spacekookie"; }))
    (klib.load <configuration/users/qyliss>)
    (klib.load <configuration/users/molly>)
  ];

  #
  #
  #
  #
  ###################################################################

  # Boot setup: GRUB 2 without EFI support, with ZFS support enabled.
  boot = {
    # Directory that is searched for pool member devices on import.
    zfs.devNodes = "/dev";

    loader.grub = {
      enable = true;
      version = 2;
      copyKernels = true;
      zfsSupport = true;
      efiSupport = false;
      # NOTE(review): /dev/sdX names follow kernel enumeration order and are
      # not guaranteed to be stable across reboots or disk changes; a
      # /dev/disk/by-id/... path would make the install target unambiguous.
      device = "/dev/sdb";
    };

    initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  # Root filesystem is the ZFS dataset tank/nix.
  fileSystems."/" =
    { device = "tank/nix";
      fsType = "zfs";
    };

  # /dev/zd0 is a ZFS volume (zvol) used as swap.
  # NOTE(review): swap is not encrypted here, so memory pages -- which can
  # include keys and other secrets -- may persist on disk; NixOS offers
  # swapDevices.*.randomEncryption for this. Swap on a zvol is also reported
  # to be able to stall under memory pressure -- confirm this is acceptable.
  swapDevices = [ { device = "/dev/zd0"; } ];

  # mkDefault gives this value low priority so another module can override it.
  nix.maxJobs = lib.mkDefault 8;
  
  # Load Intel microcode updates, which is how CPU errata fixes and
  # mitigations are delivered to the processor.
  hardware.cpu.intel.updateMicrocode = true;

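  # Static network setup; enp0s31f6 is the only interface configured here
  # and carries the public IPv4 and IPv6 addresses.
  networking = {
    defaultGateway = "95.216.98.1";
    defaultGateway6 = { address = "fe80::1"; interface = "enp0s31f6"; };
    # NOTE(review): a single resolver is a single point of failure for name
    # resolution on this host; consider listing a second one.
    nameservers = [ "1.1.1.1" ];
    interfaces.enp0s31f6 = {
      ipv4.addresses = [ { address = "95.216.98.55"; prefixLength = 26; } ];
      ipv6.addresses = [ { address = "2a01:4f9:2b:1148::"; prefixLength = 64; } ];
    };
    # Addresses are static, so no DHCP client is run.
    dhcpcd.enable = false;
    useDHCP = false;
  };

  networking.hostName = "hyperion";
  # The NixOS ZFS support expects a hostId to be set for the machine.
  networking.hostId = "d83bebd1";

  # NAT for the internal interface. The external interface has to be the
  # uplink that is configured above (enp0s31f6); the previous value "eth0"
  # named an interface this file never configures, so the masquerading rule
  # would presumably never have matched outbound traffic.
  # "intranet" is not defined in this file -- presumably it comes from
  # <configuration/server/wireguard/hyperion.nix>; confirm there.
  networking.nat.enable = true;
  networking.nat.externalInterface = "enp0s31f6";
  networking.nat.internalInterfaces = [ "intranet" ];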

  # System time zone; log timestamps on this host follow it.
  time.timeZone = "Europe/Berlin";

  # Tools that are important for everybody to have
  environment.systemPackages = with pkgs; [ 
    curl git htop kakoune links tmux vim wget wireguard
  ];

  programs.zsh.enable = true;

  # Periodically scrub the ZFS pools so on-disk corruption is detected.
  services.zfs.autoScrub.enable = true;

  # NOTE(review): this is a SHA-512 crypt ("$6$") password hash stored in
  # plain text in the repository. Anyone who can read the repository -- and,
  # on the host, the world-readable Nix store -- can run an offline guessing
  # attack against it. Prefer keeping the hash out of version control, e.g.
  # users.users.<name>.passwordFile (hashedPasswordFile on newer NixOS
  # releases) pointing at a root-only file, and rotate the password, since
  # this hash has already been published.
  users.users.spacekookie.hashedPassword = "$6$K9tFZBjAfaeLmzq$cc9yKWw93/f5DmypEg0pJGcPl4FTAMzECtWjFZp4GRDF1hC38zRLUwUgXpxSEiEWp8am3yM/aojZrJdiXpBEk.";
  # Declares an empty group named "tls" -- presumably for services that need
  # to read TLS key material; confirm which users and services are added to
  # it in the imported modules.
  users.groups.tls = {};
  
  # Records the NixOS release whose stateful-data defaults this host was set
  # up with; it is not meant to be bumped as part of a routine upgrade.
  system.stateVersion = "19.03"; # Did you read the comment?
}