feat: initial commit, add flake and host 'backstage'

transcaffeine 2025-03-30 19:43:10 +00:00
commit 4c89c45e3e
Signed by: transcaffeine
GPG Key ID: 03624C433676E465
7 changed files with 241 additions and 0 deletions

44
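--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,44 @@
+{
+"nodes": {
+"nixos-hardware": {
+"locked": {
+"lastModified": 1743420942,
+"narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
+"owner": "NixOS",
+"repo": "nixos-hardware",
+"rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "master",
+"repo": "nixos-hardware",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1743501102,
+"narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-24.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixos-hardware": "nixos-hardware",
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}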

17
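--- a/flake.nix
+++ b/flake.nix
+{
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+};
+outputs = inputs @ { self, nixpkgs, ... }: {
+nixosConfigurations.backstage = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+./hosts/backstage
+];
+specialArgs = { inherit inputs; };
+};
+};
+}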
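Review bot: `nixos-hardware` is declared as an input and pinned in `flake.lock`, but `modules` lists only `./hosts/backstage` and no module shown in this commit reads anything from `inputs.nixos-hardware`. An input nobody consumes is still one more upstream that gets re-resolved and re-pinned on every lock update, so I would either drop the `nixos-hardware.url` line until a hardware profile is actually needed or add the intended profile to `modules`. If it stays, a short comment such as `# reserved for the backstage hardware profile, not yet imported` would tell the next reader that the gap is deliberate.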


@ -0,0 +1,94 @@
{ config, lib, pkgs, ... }:
{
imports =
[
../../services/sshd
];
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
initrd = {
network = {
enable = true;
ssh = {
enable = true;
port = 22;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [
"/boot/efi/initrd_id_ed25519"
"/boot/efi/initrd_id_rsa4096"
];
};
};
systemd = {
enable = true;
network = {
enable = true;
networks."10-dhcp" = {
matchConfig.Name = "enp1s0";
DHCP = "yes";
};
};
targets.initrd.wants = [
"systemd-networkd-wait-online@enp1s0.service"
];
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
environment.systemPackages = with pkgs; [
vim
git
tmux
htop
];
users.users.root = {
openssh.authorizedKeys.keys = [
''ssh-rsa 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''
];
};
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# tree
# ];
# };
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
system.stateVersion = "24.11"; # Did you read the comment?
}
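Review bot: The private host keys listed in `boot.initrd.network.ssh.hostKeys` are read from `/boot/efi/`, the unencrypted vfat ESP, so the keys that authenticate the remote LUKS-unlock endpoint sit in plaintext outside the encrypted volume. As far as I know NixOS copies the listed files into the initrd when the boot entry is installed, so the source copies do not have to live on the ESP; keeping them on the encrypted root, for example `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (example path), leaves one less readable copy. The initrd itself stays unencrypted either way, so these keys should remain distinct from the main sshd host keys, and a changed fingerprint at unlock time should be treated as a tamper signal. A one-line comment above `users.root.shell` noting that the shell is `systemd-tty-ask-password-agent` so that an initrd login can only answer the passphrase prompt would also help.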


@ -0,0 +1,9 @@
{ config, lib, pkgs, modulesPath, ...}:
{
imports = [
./hardware-configuration.nix
./configuration.nix
./network.nix
];
}


@ -0,0 +1,57 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "virtio_pci" "r8169" ];
kernelModules = [ "dm-snapshot" ];
luks.devices."backstage" = {
preLVM = true;
device = "/dev/disk/by-uuid/7f3ccd2d-8022-491e-baa1-675805919fd7";
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [
"zfs.zfs_arc_max=1024000000"
];
};
fileSystems."/" =
{ device = "zpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zpool/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "zpool/nix";
fsType = "zfs";
};
fileSystems."/nix/store" =
{ device = "zpool/nix/store";
fsType = "zfs";
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/4E32-FA6E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [
{
device = "/dev/mapper/backstage-swap";
}
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
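Review bot: The ESP in `fileSystems."/boot/efi"` is mounted with `options = [ "fmask=0022" "dmask=0022" ];`, which leaves every file on that partition readable by any local user. On this host the partition holds more than boot loader files: another file in this commit points `boot.initrd.network.ssh.hostKeys` at `/boot/efi/initrd_id_ed25519` and `/boot/efi/initrd_id_rsa4096`, and systemd-boot keeps its random seed there. I would tighten the mount to `options = [ "fmask=0077" "dmask=0077" ];` so that only root can read it.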


@ -0,0 +1,10 @@
{ config, lib, pkgs, modulesPath, ... }:
{
networking = {
useNetworkd = true;
useDHCP = lib.mkDefault true;
hostName = "backstage";
hostId = "0ccd2304";
};
}

10
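--- a/services/sshd/default.nix
+++ b/services/sshd/default.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}:
+{
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = true;
+PermitRootLogin = "yes";
+};
+};
+}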
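Review bot: `PasswordAuthentication = true;` combined with `PermitRootLogin = "yes";` exposes the root account to password guessing over SSH, and nothing in this commit restricts who can reach the port or limits login attempts. Root already has a public key under `users.users.root.openssh.authorizedKeys.keys`, so key-only login costs nothing: `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "prohibit-password";`. If password login is only meant for initial bring-up, a comment next to the setting saying so and when it will be removed would keep it from becoming permanent.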