1 files changed, 107 insertions, 0 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
new file mode 100644
index 00000000..d37646f9
--- /dev/null
+++ b/hosts/surtr/default.nix
@@ -0,0 +1,107 @@
+{ flake, pkgs, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    qemu-guest openssh rebuild-machines
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "a64cf4d7";
+    environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/vda";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs.devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+      "/boot" =
+        { device = "/dev/disk/by-label/boot";
+          fsType = "vfat";
+        };
+      "/nix" =
+        { device = "surtr/local/nix";
+          fsType = "zfs";
+        };
+      "/root" =
+        { device = "surtr/safe/home-root";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/log" =
+        { device = "surtr/local/var-log";
+          fsType = "zfs";
+        };
+      "/home" =
+        { device = "surtr/safe/home";
+          fsType = "zfs";
+        };
+    };
+    networking = {
+      hostName = "surtr";
+      domain = "muspelheim.yggdrasil";
+      search = [ "muspelheim.yggdrasil" "yggdrasil" ];
+      enableIPv6 = true;
+      dhcpcd.enable = false;
+      useDHCP = false;
+      useNetworkd = true;
+      defaultGateway = { address = "202.61.240.1"; };
+      defaultGateway6 = { address = "fe80::1"; };
+      interfaces."ens3" = {
+        ipv4.addresses = [
+          { address = "202.61.241.61"; prefixLength = 22; }
+        ];
+        ipv6.addresses = [
+          { address = "2a03:4000:52:ada::"; prefixLength = 64; }
+        ];
+      };
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+  };
+}

diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix new file mode 100644 index 00000000..d37646f9 --- /dev/null +++ b/hosts/surtr/default.nix
@@ -0,0 +1,107 @@
	1	{ flake, pkgs, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	qemu-guest openssh rebuild-machines
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "a64cf4d7";
	13	environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
	14
	15	boot = {
	16	loader.grub = {
	17	enable = true;
	18	version = 2;
	19	device = "/dev/vda";
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	zfs.devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
	28	};
	29
	30	fileSystems = {
	31	"/" = {
	32	fsType = "tmpfs";
	33	options = [ "mode=0755" ];
	34	};
	35
	36	"/boot" =
	37	{ device = "/dev/disk/by-label/boot";
	38	fsType = "vfat";
	39	};
	40
	41	"/nix" =
	42	{ device = "surtr/local/nix";
	43	fsType = "zfs";
	44	};
	45
	46	"/root" =
	47	{ device = "surtr/safe/home-root";
	48	fsType = "zfs";
	49	neededForBoot = true;
	50	};
	51
	52	"/var/log" =
	53	{ device = "surtr/local/var-log";
	54	fsType = "zfs";
	55	};
	56
	57	"/home" =
	58	{ device = "surtr/safe/home";
	59	fsType = "zfs";
	60	};
	61	};
	62
	63	networking = {
	64	hostName = "surtr";
	65	domain = "muspelheim.yggdrasil";
	66	search = [ "muspelheim.yggdrasil" "yggdrasil" ];
	67
	68	enableIPv6 = true;
	69	dhcpcd.enable = false;
	70	useDHCP = false;
	71	useNetworkd = true;
	72	defaultGateway = { address = "202.61.240.1"; };
	73	defaultGateway6 = { address = "fe80::1"; };
	74	interfaces."ens3" = {
	75	ipv4.addresses = [
	76	{ address = "202.61.241.61"; prefixLength = 22; }
	77	];
	78	ipv6.addresses = [
	79	{ address = "2a03:4000:52:ada::"; prefixLength = 64; }
	80	];
	81	};
	82
	83	firewall = {
	84	enable = true;
	85	allowPing = true;
	86	allowedTCPPorts = [
	87	22 # ssh
	88	];
	89	allowedUDPPortRanges = [
	90	{ from = 60000; to = 61000; } # mosh
	91	];
	92	};
	93	};
	94
	95	services.openssh = {
	96	enable = true;
	97	passwordAuthentication = false;
	98	challengeResponseAuthentication = false;
	99	extraConfig = ''
	100	AllowGroups ssh
	101	'';
	102	};
	103	users.groups."ssh" = {
	104	members = ["root"];
	105	};
	106	};
	107	}