1 files changed, 126 insertions, 0 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
new file mode 100644
index 00000000..72ed81ae
--- /dev/null
+++ b/hosts/surtr/default.nix
@@ -0,0 +1,126 @@
+{ flake, pkgs, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    qemu-guest openssh rebuild-machines ./zfs.nix ./dns ./tls.nix
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "a64cf4d7";
+    environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/vda";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs = {
+        enableUnstable = true;
+        devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
+      };
+      kernelModules = ["ptp_kvm"];
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+      "/boot" =
+        { device = "/dev/disk/by-label/boot";
+          fsType = "vfat";
+        };
+    };
+    networking = {
+      hostName = "surtr";
+      domain = "muspelheim.yggdrasil";
+      search = [ "muspelheim.yggdrasil" "yggdrasil" ];
+      enableIPv6 = true;
+      dhcpcd.enable = false;
+      useDHCP = false;
+      useNetworkd = true;
+      defaultGateway = { address = "202.61.240.1"; };
+      defaultGateway6 = { address = "fe80::1"; };
+      interfaces."ens3" = {
+        ipv4.addresses = [
+          { address = "202.61.241.61"; prefixLength = 22; }
+        ];
+        ipv6.addresses = [
+          { address = "2a03:4000:52:ada::"; prefixLength = 64; }
+        ];
+      };
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    systemd.network.networks."40-ens3".networkConfig = {
+      Domains = lib.mkForce "~.";
+      DNS = [ "46.38.225.230" "46.38.252.230" "2a03:4000:0:1::e1e6" "2a03:4000:8000::fce6" ];
+    };
+    services.timesyncd.enable = false;
+    services.chrony = {
+      enable = true;
+      servers = [];
+      extraConfig = ''
+        pool time.cloudflare.com iburst nts
+        pool nts.ntp.se iburst nts
+        server nts.sth1.ntp.se iburst nts
+        server nts.sth2.ntp.se iburst nts
+        server ptbtime1.ptb.de iburst nts
+        server ptbtime2.ptb.de iburst nts
+        server ptbtime3.ptb.de iburst nts
+        refclock PHC /dev/ptp_kvm poll 2 dpoll -2 offset 0 stratum 3
+        makestep 0.1 3
+        cmdport 0
+      '';
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+  };
+}

diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix new file mode 100644 index 00000000..72ed81ae --- /dev/null +++ b/hosts/surtr/default.nix
@@ -0,0 +1,126 @@
	1	{ flake, pkgs, lib, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	qemu-guest openssh rebuild-machines ./zfs.nix ./dns ./tls.nix
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "a64cf4d7";
	13	environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
	14
	15	boot = {
	16	loader.grub = {
	17	enable = true;
	18	version = 2;
	19	device = "/dev/vda";
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	zfs = {
	28	enableUnstable = true;
	29	devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
	30	};
	31
	32	kernelModules = ["ptp_kvm"];
	33	};
	34
	35	fileSystems = {
	36	"/" = {
	37	fsType = "tmpfs";
	38	options = [ "mode=0755" ];
	39	};
	40
	41	"/boot" =
	42	{ device = "/dev/disk/by-label/boot";
	43	fsType = "vfat";
	44	};
	45	};
	46
	47	networking = {
	48	hostName = "surtr";
	49	domain = "muspelheim.yggdrasil";
	50	search = [ "muspelheim.yggdrasil" "yggdrasil" ];
	51
	52	enableIPv6 = true;
	53	dhcpcd.enable = false;
	54	useDHCP = false;
	55	useNetworkd = true;
	56	defaultGateway = { address = "202.61.240.1"; };
	57	defaultGateway6 = { address = "fe80::1"; };
	58	interfaces."ens3" = {
	59	ipv4.addresses = [
	60	{ address = "202.61.241.61"; prefixLength = 22; }
	61	];
	62	ipv6.addresses = [
	63	{ address = "2a03:4000:52:ada::"; prefixLength = 64; }
	64	];
	65	};
	66
	67	firewall = {
	68	enable = true;
	69	allowPing = true;
	70	allowedTCPPorts = [
	71	22 # ssh
	72	];
	73	allowedUDPPortRanges = [
	74	{ from = 60000; to = 61000; } # mosh
	75	];
	76	};
	77	};
	78
	79	systemd.network.networks."40-ens3".networkConfig = {
	80	Domains = lib.mkForce "~.";
	81	DNS = [ "46.38.225.230" "46.38.252.230" "2a03:4000:0:1::e1e6" "2a03:4000:8000::fce6" ];
	82	};
	83
	84	services.timesyncd.enable = false;
	85	services.chrony = {
	86	enable = true;
	87	servers = [];
	88	extraConfig = ''
	89	pool time.cloudflare.com iburst nts
	90	pool nts.ntp.se iburst nts
	91	server nts.sth1.ntp.se iburst nts
	92	server nts.sth2.ntp.se iburst nts
	93	server ptbtime1.ptb.de iburst nts
	94	server ptbtime2.ptb.de iburst nts
	95	server ptbtime3.ptb.de iburst nts
	96
	97	refclock PHC /dev/ptp_kvm poll 2 dpoll -2 offset 0 stratum 3
	98
	99	makestep 0.1 3
	100
	101	cmdport 0
	102	'';
	103	};
	104
	105	services.openssh = {
	106	enable = true;
	107	passwordAuthentication = false;
	108	challengeResponseAuthentication = false;
	109	extraConfig = ''
	110	AllowGroups ssh
	111	'';
	112	};
	113	users.groups."ssh" = {
	114	members = ["root"];
	115	};
	116
	117	security.sudo.extraConfig = ''
	118	Defaults lecture = never
	119	'';
	120
	121	nix.gc = {
	122	automatic = true;
	123	options = "--delete-older-than 30d";
	124	};
	125	};
	126	}