spoody/server-configuration
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

AIGHR

Browse source
This commit is contained in:
Snorre Ettrup Altschul 2025-02-28 23:13:51 +01:00
commit 8c47a51a41
6 changed files with 343 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

104
configuration.nix Normal file
View file

@ -0,0 +1,104 @@
{
pkgs,
inputs,
modulesPath,
lib,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix") # Temporary
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 0;
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.gc = {
automatic = true;
options = "--delete-older-than 30d";
};
nix.optimise = {
automatic = true;
dates = ["05:00"];
};
networking.hostName = "enis";
networking.hostId = "2ead098f";
networking.networkmanager.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [];
allowedUDPPorts = [];
};
home-manager = {
extraSpecialArgs = {inherit inputs;};
users = {
"enis" = import ./home.nix;
};
};
users.users."enis" = {
isNormalUser = true;
hashedPasswordFile = "./password";
extraGroups = [
"networkmanager"
"audio"
"wheel"
];
shell = pkgs.zsh;
};
programs.zsh = {
enable = true;
enableGlobalCompInit = true;
};
programs.ssh.startAgent = true;
programs.nano.enable = false;
environment.systemPackages = with pkgs; [
wget
curl
git
vim
];
environment.variables = {
EDITOR = "vim";
};
time.timeZone = "Europe/Copenhagen";
security.sudo = {
enable = true;
extraConfig = ''
Defaults lecture = never
'';
};
programs.mtr.enable = true;
programs.gnupg.agent.enable = true;
services.thermald.enable = true;
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AllowUsers = ["enis"];
PermitRootLogin = "no";
};
};
system.stateVersion = "24.11";
}

110
disko.nix Normal file
View file

@ -0,0 +1,110 @@
{ lib
, root-disk ? "Expected a mf disk brother"
, raid-disks ? "Expected disks for raid"
, ...
}: {
disko.devices = {
disk =
{
root = {
type = "disk";
device = root-disk;
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
}
// lib.attrsets.genAttrs raid-disks (
name: {
device = "/dev/" + name;
content = {
type = "gpt";
partitions.raid-pool = {
size = "100%";
content = {
type = "zfs";
pool = "zraid";
};
};
};
}
);
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "false";
};
options = {
ashift = "12";
};
datasets = {
"root" = {
type = "zfs_fs";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "prompt";
};
mountpoint = "/";
};
"root/nix" = {
type = "zfs_fs";
options.mountpoint = "/nix";
mountpoint = "/nix";
};
};
};
zraid = lib.mkIf (builtins.length raid-disks > 0) {
type = "zpool";
mode = "raidz";
options = {
ashift = "12";
autotrim = "on";
autoexpand = "on";
};
rootFsOptions = {
compression = "zstd";
mountpoint = "none";
};
datasets = {
"var" = {
type = "zfs_fs";
mountpoint = "/var";
};
"home" = {
type = "zfs_fs";
mountpoint = "/home";
};
};
};
};
};
}

69
flake.lock Normal file
View file

@ -0,0 +1,69 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740485968,
"narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
"owner": "nix-community",
"repo": "disko",
"rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740699498,
"narHash": "sha256-r9hkKzX99CGiP1ZqH0e+SWKK4CMsRNRLyotuwrUjhTI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b71edac7a3167026aabea82a54d08b1794088c21",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1740560979,
"narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5135c59491985879812717f4c9fea69604e7f26f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

45
flake.nix Normal file
View file

@ -0,0 +1,45 @@
{
description = "Configuration for NAS Server";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
...
} @ inputs: let
system = "x86_64-linux";
pkgs = import nixpkgs {inherit system;};
in {
formatter.${system} = pkgs.alejandra;
nixosConfigurations = {
server = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;};
modules = [
inputs.disko.nixosModules.default
(import ./disko.nix {
lib = pkgs.lib;
root-disk = "/dev/vda";
raid-disks = [];
})
inputs.home-manager.nixosModules.default
./configuration.nix
];
};
};
};
}

14
home.nix Normal file
View file

@ -0,0 +1,14 @@
{...}: {
imports = [];
home.username = "enis";
home.homeDirectory = "/home/enis";
programs.home-manager.enable = true;
home.sessionVariables = {
EDITOR = "vim";
};
home.stateVersion = "24.11";
}

1
passwd Normal file
View file

@ -0,0 +1 @@
$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3