From b42f9f12aedf4dbedb0fb2a7d00dda4b5408d068 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Fri, 12 Jan 2024 00:17:18 +0900
Subject: feat(systems/v-conoha1): init
---
systems/v-conoha1/default.nix | 91 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 systems/v-conoha1/default.nix
(limited to 'systems/v-conoha1/default.nix')
diff --git a/systems/v-conoha1/default.nix b/systems/v-conoha1/default.nix
new file mode 100644
index 0000000..c07da7a
--- /dev/null
+++ b/systems/v-conoha1/default.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ ipv4 = {
+ address = "157.7.86.101";
+ gateway = "157.7.86.1";
+ netmask = "255.255.254.0";
+ prefixLength = 23; # https://www.pawprint.net/designresources/netmask-converter.php
+ };
+ ipv6 = {
+ address = "2400:8500:1302:3157:157:7:86:101";
+ gateway = "2400:8500:1302:3157::1";
+ prefixLength = 64;
+ };
+ networkInterface = "ens3";
+ hostName = "v-conoha1";
+ hostId = "586eb5d0";
+ hostAddr = "v-conoha1.sefidel.net";
+
+ sefidelKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILN14b5Fu+StHeMXq4ClyLG4G+/vCAfS7adxceEFria/ openpgp:0x1D5BCD11" ];
+ maintainerKeys = [ ] ++ sefidelKeys;
+in
+{
+ deployment = {
+ targetHost = hostAddr;
+ targetPort = 22;
+ targetUser = "root";
+ };
+
+ imports = [ ./hardware-configuration.nix ];
+
+ networking.hostId = hostId;
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+
+ boot.kernelParams = [
+ # See for documentation.
+ # ip=:::::::::
+ # The server ip refers to the NFS server -- not needed in this case.
+ "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
+ ];
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+
+ networking.hostName = hostName;
+
+ networking.useDHCP = false;
+ networking.interfaces.${networkInterface} = {
+ ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
+ ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
+ };
+ networking.defaultGateway = ipv4.gateway;
+ networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
+ networking.nameservers = [ "8.8.8.8" ];
+
+ networking.firewall.enable = true;
+
+ time.timeZone = "UTC";
+
+ sops.secrets.root-password.neededForUsers = true;
+
+ users.users.root.hashedPasswordFile = config.sops.secrets.root-password.path;
+ users.users.root.openssh.authorizedKeys.keys = maintainerKeys;
+
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "prohibit-password";
+
+ nix.flakes.enable = true;
+
+ modules = {
+ security.enable = true;
+ persistence.enable = false;
+ cachix.enable = true;
+
+ sops.enable = true;
+
+ services.tailscale.enable = true;
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
+
-- cgit 1.4.1
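Review bot: The SSH hardening at `services.openssh.settings.PermitRootLogin = "prohibit-password";` only covers the root account; NixOS leaves `PasswordAuthentication` and `KbdInteractiveAuthentication` at their default of `true`, so any non-root account that another module later creates on this publicly addressed host (157.7.86.101, with sshd presumably opening port 22 in the enabled firewall, since the deployment targets that port) remains brute-forceable with a password. Unless the imported `modules.security` option already turns them off — its definition is not part of this commit — add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the PermitRootLogin line, so the keys in `maintainerKeys` are the only credential sshd accepts. As a minor style point, `maintainerKeys = [ ] ++ sefidelKeys;` concatenates an empty list for no effect and can be written `maintainerKeys = sefidelKeys;`.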