1 files changed, 100 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
new file mode 100644
index 00000000..dc7f620b
--- /dev/null
+++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
+{ flake, pkgs, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    openssh rebuild-machines
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "1e7ddd78";
+    environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs = {
+        enableUnstable = true;
+      };
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+    };
+    networking = {
+      hostName = "vidhar";
+      domain = "asgard.yggdrasil";
+      search = [ "asgard.yggdrasil" "yggdrasil" ];
+      useDHCP = false;
+      useNetworkd = true;
+      interfaces."eno1".useDHCP = true;
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.timesyncd.enable = false;
+    services.chrony = {
+      enable = true;
+      servers = [];
+      extraConfig = ''
+        pool time.cloudflare.com iburst nts
+        pool nts.ntp.se iburst nts
+        server nts.sth1.ntp.se iburst nts
+        server nts.sth2.ntp.se iburst nts
+        server ptbtime1.ptb.de iburst nts
+        server ptbtime2.ptb.de iburst nts
+        server ptbtime3.ptb.de iburst nts
+        makestep 0.1 3
+        cmdport 0
+      '';
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+  };
+}

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix new file mode 100644 index 00000000..dc7f620b --- /dev/null +++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
	1	{ flake, pkgs, lib, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	openssh rebuild-machines
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "1e7ddd78";
	13	environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
	14
	15	boot = {
	16	loader.grub = {
	17	enable = true;
	18	version = 2;
	19	device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	zfs = {
	28	enableUnstable = true;
	29	};
	30	};
	31
	32	fileSystems = {
	33	"/" = {
	34	fsType = "tmpfs";
	35	options = [ "mode=0755" ];
	36	};
	37	};
	38
	39	networking = {
	40	hostName = "vidhar";
	41	domain = "asgard.yggdrasil";
	42	search = [ "asgard.yggdrasil" "yggdrasil" ];
	43
	44	useDHCP = false;
	45	useNetworkd = true;
	46
	47	interfaces."eno1".useDHCP = true;
	48
	49	firewall = {
	50	enable = true;
	51	allowPing = true;
	52	allowedTCPPorts = [
	53	22 # ssh
	54	];
	55	allowedUDPPortRanges = [
	56	{ from = 60000; to = 61000; } # mosh
	57	];
	58	};
	59	};
	60	services.timesyncd.enable = false;
	61	services.chrony = {
	62	enable = true;
	63	servers = [];
	64	extraConfig = ''
	65	pool time.cloudflare.com iburst nts
	66	pool nts.ntp.se iburst nts
	67	server nts.sth1.ntp.se iburst nts
	68	server nts.sth2.ntp.se iburst nts
	69	server ptbtime1.ptb.de iburst nts
	70	server ptbtime2.ptb.de iburst nts
	71	server ptbtime3.ptb.de iburst nts
	72
	73	makestep 0.1 3
	74
	75	cmdport 0
	76	'';
	77	};
	78
	79	services.openssh = {
	80	enable = true;
	81	passwordAuthentication = false;
	82	challengeResponseAuthentication = false;
	83	extraConfig = ''
	84	AllowGroups ssh
	85	'';
	86	};
	87	users.groups."ssh" = {
	88	members = ["root"];
	89	};
	90
	91	security.sudo.extraConfig = ''
	92	Defaults lecture = never
	93	'';
	94
	95	nix.gc = {
	96	automatic = true;
	97	options = "--delete-older-than 30d";
	98	};
	99	};
	100	}