vidhar: initial

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-06-17 21:20:19 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-06-17 21:20:19 +0200
commit: 234c7390e46d1f0e116822e171aa7815d97488c1 (patch)
tree: 722636499ca3b9844ce769667fc8b82fb1f8a1af /hosts/vidhar/default.nix
parent: 4f68db21acf6a4c0d5274dac8441414f090128d5 (diff)
download: nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.gz
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.bz2
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.xz
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.zip
1 files changed, 100 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
new file mode 100644
index 00000000..dc7f620b
--- /dev/null
+++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
+{ flake, pkgs, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    openssh rebuild-machines
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "1e7ddd78";
+    environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs = {
+        enableUnstable = true;
+      };
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+    };
+    networking = {
+      hostName = "vidhar";
+      domain = "asgard.yggdrasil";
+      search = [ "asgard.yggdrasil" "yggdrasil" ];
+      useDHCP = false;
+      useNetworkd = true;
+      interfaces."eno1".useDHCP = true;
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.timesyncd.enable = false;
+    services.chrony = {
+      enable = true;
+      servers = [];
+      extraConfig = ''
+        pool time.cloudflare.com iburst nts
+        pool nts.ntp.se iburst nts
+        server nts.sth1.ntp.se iburst nts
+        server nts.sth2.ntp.se iburst nts
+        server ptbtime1.ptb.de iburst nts
+        server ptbtime2.ptb.de iburst nts
+        server ptbtime3.ptb.de iburst nts
+        makestep 0.1 3
+        cmdport 0
+      '';
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-06-17 21:20:19 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-06-17 21:20:19 +0200
commit	234c7390e46d1f0e116822e171aa7815d97488c1 (patch)
tree	722636499ca3b9844ce769667fc8b82fb1f8a1af /hosts/vidhar/default.nix
parent	4f68db21acf6a4c0d5274dac8441414f090128d5 (diff)
download	nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.gz nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.bz2 nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.xz nixos-234c7390e46d1f0e116822e171aa7815d97488c1.zip

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix new file mode 100644 index 00000000..dc7f620b --- /dev/null +++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
	1	{ flake, pkgs, lib, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	openssh rebuild-machines
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "1e7ddd78";
	13	environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
	14
	15	boot = {
	16	loader.grub = {
	17	enable = true;
	18	version = 2;
	19	device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	zfs = {
	28	enableUnstable = true;
	29	};
	30	};
	31
	32	fileSystems = {
	33	"/" = {
	34	fsType = "tmpfs";
	35	options = [ "mode=0755" ];
	36	};
	37	};
	38
	39	networking = {
	40	hostName = "vidhar";
	41	domain = "asgard.yggdrasil";
	42	search = [ "asgard.yggdrasil" "yggdrasil" ];
	43
	44	useDHCP = false;
	45	useNetworkd = true;
	46
	47	interfaces."eno1".useDHCP = true;
	48
	49	firewall = {
	50	enable = true;
	51	allowPing = true;
	52	allowedTCPPorts = [
	53	22 # ssh
	54	];
	55	allowedUDPPortRanges = [
	56	{ from = 60000; to = 61000; } # mosh
	57	];
	58	};
	59	};
	60	services.timesyncd.enable = false;
	61	services.chrony = {
	62	enable = true;
	63	servers = [];
	64	extraConfig = ''
	65	pool time.cloudflare.com iburst nts
	66	pool nts.ntp.se iburst nts
	67	server nts.sth1.ntp.se iburst nts
	68	server nts.sth2.ntp.se iburst nts
	69	server ptbtime1.ptb.de iburst nts
	70	server ptbtime2.ptb.de iburst nts
	71	server ptbtime3.ptb.de iburst nts
	72
	73	makestep 0.1 3
	74
	75	cmdport 0
	76	'';
	77	};
	78
	79	services.openssh = {
	80	enable = true;
	81	passwordAuthentication = false;
	82	challengeResponseAuthentication = false;
	83	extraConfig = ''
	84	AllowGroups ssh
	85	'';
	86	};
	87	users.groups."ssh" = {
	88	members = ["root"];
	89	};
	90
	91	security.sudo.extraConfig = ''
	92	Defaults lecture = never
	93	'';
	94
	95	nix.gc = {
	96	automatic = true;
	97	options = "--delete-older-than 30d";
	98	};
	99	};
	100	}