1 files changed, 105 insertions, 0 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
new file mode 100644
index 00000000..b3a55dac
--- /dev/null
+++ b/hosts/surtr/default.nix
@@ -0,0 +1,105 @@
+{ flake, pkgs, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    qemu-guest openssh
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "a64cf4d7";
+    environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
+    boot = {
+      loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+        timeout = null;
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+      "/boot" =
+        { device = "/dev/disk/by-label/boot";
+          fsType = "vfat";
+        };
+      "/nix" =
+        { device = "surtr/local/nix";
+          fsType = "zfs";
+        };
+      "/root" =
+        { device = "surtr/safe/home-root";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/log" =
+        { device = "surtr/local/var-log";
+          fsType = "zfs";
+        };
+      "/home" =
+        { device = "surtr/safe/home";
+          fsType = "zfs";
+        };
+    };
+    networking = {
+      hostName = "surtr";
+      domain = "muspelheim.yggdrasil";
+      search = [ "muspelheim.yggdrasil" "yggdrasil" ];
+      enableIPv6 = true;
+      dhcpcd.enable = false;
+      useDHCP = false;
+      useNetworkd = true;
+      defaultGateway = { address = "202.61.240.1"; };
+      defaultGateway6 = { address = "fe80::1"; };
+      interfaces."ens3" = {
+        ipv4.addresses = [
+          { address = "202.61.241.61"; prefixLength = 22; }
+        ];
+        ipv6.addresses = [
+          { address = "2a03:4000:52:ada::"; prefixLength = 64; }
+        ];
+      };
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.openssh = {
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+  };
+}

diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix new file mode 100644 index 00000000..b3a55dac --- /dev/null +++ b/hosts/surtr/default.nix
@@ -0,0 +1,105 @@
	1	{ flake, pkgs, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	qemu-guest openssh
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "a64cf4d7";
	13	environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
	14
	15	boot = {
	16	loader = {
	17	systemd-boot.enable = true;
	18	efi.canTouchEfiVariables = true;
	19	timeout = null;
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	};
	28
	29	fileSystems = {
	30	"/" = {
	31	fsType = "tmpfs";
	32	options = [ "mode=0755" ];
	33	};
	34
	35	"/boot" =
	36	{ device = "/dev/disk/by-label/boot";
	37	fsType = "vfat";
	38	};
	39
	40	"/nix" =
	41	{ device = "surtr/local/nix";
	42	fsType = "zfs";
	43	};
	44
	45	"/root" =
	46	{ device = "surtr/safe/home-root";
	47	fsType = "zfs";
	48	neededForBoot = true;
	49	};
	50
	51	"/var/log" =
	52	{ device = "surtr/local/var-log";
	53	fsType = "zfs";
	54	};
	55
	56	"/home" =
	57	{ device = "surtr/safe/home";
	58	fsType = "zfs";
	59	};
	60	};
	61
	62	networking = {
	63	hostName = "surtr";
	64	domain = "muspelheim.yggdrasil";
	65	search = [ "muspelheim.yggdrasil" "yggdrasil" ];
	66
	67	enableIPv6 = true;
	68	dhcpcd.enable = false;
	69	useDHCP = false;
	70	useNetworkd = true;
	71	defaultGateway = { address = "202.61.240.1"; };
	72	defaultGateway6 = { address = "fe80::1"; };
	73	interfaces."ens3" = {
	74	ipv4.addresses = [
	75	{ address = "202.61.241.61"; prefixLength = 22; }
	76	];
	77	ipv6.addresses = [
	78	{ address = "2a03:4000:52:ada::"; prefixLength = 64; }
	79	];
	80	};
	81
	82	firewall = {
	83	enable = true;
	84	allowPing = true;
	85	allowedTCPPorts = [
	86	22 # ssh
	87	];
	88	allowedUDPPortRanges = [
	89	{ from = 60000; to = 61000; } # mosh
	90	];
	91	};
	92	};
	93
	94	services.openssh = {
	95	passwordAuthentication = false;
	96	challengeResponseAuthentication = false;
	97	extraConfig = ''
	98	AllowGroups ssh
	99	'';
	100	};
	101	users.groups."ssh" = {
	102	members = ["root"];
	103	};
	104	};
	105	}