nix-conf/systems/hetzner/default.nix

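# NixOS host configuration for a Hetzner dedicated server: srvos server
# profile, an ephemeral tmpfs root with impermanence, and two NVMe disks
# striped (mdraid level 0) under a btrfs volume that holds /nix and the
# persistent state.
{ config, pkgs, lib, self, ... }:
{
  imports = [
    self.inputs.srvos.nixosModules.server
    self.inputs.srvos.nixosModules.hardware-hetzner-online-amd
    self.inputs.srvos.nixosModules.mixins-nginx
    self.inputs.impermanence.nixosModules.impermanence
  ];

  # Options from this repository's own modules; their definitions are not
  # part of this file.
  jopejoe1 = {
    local.enable = true;
    nix.enable = true;
    user = {
      jopejoe1.enable = true;
      root.enable = true;
    };
    ssh.enable = true;
  };

  boot.initrd.availableKernelModules = [ "ahci" "nvme" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  boot.loader = {
    grub = {
      enable = true;
    };
  };

  systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f8:a0:31e5::/64";

  time.timeZone = "Europe/Berlin";

  # NOTE(review): mkForce "yes" overrides whatever the imported profiles set
  # and lets root authenticate with any method sshd has enabled. Whether
  # password authentication is enabled is decided outside this file; if root
  # only ever logs in with keys, "prohibit-password" expresses that and keeps
  # the root password below out of reach of SSH guessing.
  services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
  services.openssh.ports = [ 22 ];

  # With mutableUsers = false the accounts and their passwords come from this
  # configuration only.
  users.mutableUsers = false;
  # NOTE(review): root and jopejoe1 share one bcrypt hash with cost factor 5
  # ("$2b$05$"), committed in clear in the repository. Anyone who can read the
  # repository can attack it offline, and a recovered password is valid for
  # both accounts, root included. Prefer `hashedPasswordFile` pointing at a
  # file kept outside the repository on the persistent volume
  # (<PATH_ON_/nix/persistent>), generated with a higher cost and distinct per
  # account, and treat the current password as exposed.
  users.users.jopejoe1.hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
  users.users.root.hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";

  # Per-user state kept across reboots. .ssh, .gnupg and the keyrings hold
  # private key material; allowOther = false keeps other users off the
  # persistence mounts.
  home-manager.users = {
    jopejoe1 = {
      imports = [ self.inputs.impermanence.nixosModules.home-manager.impermanence ];
      home.persistence."/nix/persistent/users/jopejoe1" = {
        allowOther = false;
        directories = [
          "Downloads"
          "Music"
          "Pictures"
          "Documents"
          "Videos"
          ".gnupg"
          ".ssh"
          ".nixops"
          ".local/share/keyrings"
          ".local/share/direnv"
        ];
        files = [
        ];
      };
    };
    root = {
      imports = [ self.inputs.impermanence.nixosModules.home-manager.impermanence ];
      home.persistence."/nix/persistent/users/root" = {
        allowOther = false;
        directories = [
          "Downloads"
          "Music"
          "Pictures"
          "Documents"
          "Videos"
          ".gnupg"
          ".ssh"
          ".nixops"
          ".local/share/keyrings"
          ".local/share/direnv"
        ];
        files = [
        ];
      };
    };
  };

  # System state kept across reboots; everything else on / is tmpfs and is
  # lost at shutdown. /var/log is persisted, so logs survive a reboot.
  # NOTE(review): /etc/ssh is not listed. Unless the host keys are stored
  # elsewhere (for example by the jopejoe1.ssh module, not visible here), sshd
  # would generate new host keys on every boot and clients could no longer
  # tell a reboot from an impersonated server. Confirm where the host keys
  # live.
  environment.persistence."/nix/persistent/system" = {
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
      { directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
    ];
    files = [
      "/etc/machine-id"
      # Secret material: the parent directories are created owner-only.
      { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
      { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
    ];
  };

  # Both mounts must be up in the initrd: the store and the persisted state
  # are needed before the rest of the system starts.
  fileSystems = {
    "/nix" = {
      neededForBoot = true;
    };
    "/nix/persistent" = {
      neededForBoot = true;
    };
  };

  disko.devices = {
    # Root file system lives in RAM, capped at 25% of memory.
    nodev = {
      "/" = {
        fsType = "tmpfs";
        mountOptions = [
          "defaults"
          "size=25%"
          "mode=755"
        ];
      };
    };
    disk = {
      vdb = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              size = "1M";
              type = "EF02"; # for grub MBR
            };
            mdadm = {
              size = "100%";
              content = {
                type = "mdraid";
                name = "raid0";
              };
            };
          };
        };
      };
      vdc = {
        type = "disk";
        device = "/dev/nvme1n1";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              size = "1M";
              type = "EF02"; # for grub MBR
            };
            mdadm = {
              size = "100%";
              content = {
                type = "mdraid";
                name = "raid0";
              };
            };
          };
        };
      };
    };
    # NOTE(review): level 0 stripes across both disks without redundancy, so
    # the loss of either disk takes /nix and /nix/persistent with it,
    # including the persisted keys and logs. The layout also has no
    # encryption layer, so the persisted secrets are stored in clear on disk.
    # Both are worth covering by off-host backups and the provider's disk
    # handling, or by changing the layout.
    mdadm = {
      raid0 = {
        type = "mdadm";
        level = 0;
        content = {
          type = "gpt";
          partitions = {
            primary = {
              size = "100%";
              content = {
                type = "btrfs";
                # -f makes mkfs.btrfs overwrite an existing file system.
                extraArgs = [ "-f" ];
                subvolumes = {
                  "/nix" = {
                    mountOptions = [ "compress=zstd" "noatime" ];
                    mountpoint = "/nix";
                  };
                  "/nix/persistent" = {
                    mountpoint = "/nix/persistent";
                  };
                };
              };
            };
          };
        };
      };
    };
  };
}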