From 99ee3e18f337218fff3bb2970df60e78978ef523 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 15 May 2021 15:47:54 +0200
Subject: surtr
---
hosts/surtr/default.nix | 105 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 hosts/surtr/default.nix
(limited to 'hosts/surtr')
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
new file mode 100644
index 00000000..b3a55dac
--- /dev/null
+++ b/hosts/surtr/default.nix
@@ -0,0 +1,105 @@
+{ flake, pkgs, ... }:
+{
+ imports = with flake.nixosModules.systemProfiles; [
+ qemu-guest openssh
+ ];
+
+ config = {
+ nixpkgs = {
+ system = "x86_64-linux";
+ };
+
+ networking.hostId = "a64cf4d7";
+ environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc";
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ timeout = null;
+ };
+
+ kernelPackages = pkgs.linuxPackages_latest;
+
+ tmpOnTmpfs = true;
+
+ supportedFilesystems = [ "zfs" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+
+ "/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+
+ "/nix" =
+ { device = "surtr/local/nix";
+ fsType = "zfs";
+ };
+
+ "/root" =
+ { device = "surtr/safe/home-root";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ "/var/log" =
+ { device = "surtr/local/var-log";
+ fsType = "zfs";
+ };
+
+ "/home" =
+ { device = "surtr/safe/home";
+ fsType = "zfs";
+ };
+ };
+
+ networking = {
+ hostName = "surtr";
+ domain = "muspelheim.yggdrasil";
+ search = [ "muspelheim.yggdrasil" "yggdrasil" ];
+
+ enableIPv6 = true;
+ dhcpcd.enable = false;
+ useDHCP = false;
+ useNetworkd = true;
+ defaultGateway = { address = "202.61.240.1"; };
+ defaultGateway6 = { address = "fe80::1"; };
+ interfaces."ens3" = {
+ ipv4.addresses = [
+ { address = "202.61.241.61"; prefixLength = 22; }
+ ];
+ ipv6.addresses = [
+ { address = "2a03:4000:52:ada::"; prefixLength = 64; }
+ ];
+ };
+
+ firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [
+ 22 # ssh
+ ];
+ allowedUDPPortRanges = [
+ { from = 60000; to = 61000; } # mosh
+ ];
+ };
+ };
+
+ services.openssh = {
+ passwordAuthentication = false;
+ challengeResponseAuthentication = false;
+ extraConfig = ''
+ AllowGroups ssh
+ '';
+ };
+ users.groups."ssh" = {
+ members = ["root"];
+ };
+ };
+}
-- cgit v1.2.3
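Review bot: With `"/"` mounted as tmpfs and only `/nix`, `/root`, `/var/log` and `/home` backed by ZFS datasets, nothing in this file keeps `/etc/ssh` across reboots, so unless the imported `openssh` profile (not visible here) relocates them, the SSH host keys would be regenerated on every boot and clients would get used to dismissing host-key-changed warnings. Pinning the key to a persistent dataset, e.g. `services.openssh.hostKeys = [ { path = "<persistent-dir>/ssh_host_ed25519_key"; type = "ed25519"; } ];`, would avoid that. Separately, `AllowGroups ssh` with `root` as the group's only member makes root the sole account reachable on the open port 22; adding `permitRootLogin = "prohibit-password";` to `services.openssh` would state that key-only root login is intended rather than inherited from a default. The literal `machine-id` is also published with the repository, which machine-id(5) advises treating as confidential, so a short comment on why it is pinned here would help the next reader.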