hosts/vps2: init
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m26s
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m26s
This commit is contained in:
8
flake.lock
generated
8
flake.lock
generated
@@ -1000,11 +1000,11 @@
|
||||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1752936308,
|
||||
"narHash": "sha256-OAlj8oJpcKo9cCIwxzMolnwdfczlovvC1y1MeIpDPYM=",
|
||||
"lastModified": 1753994653,
|
||||
"narHash": "sha256-kVd17w6oo9dbZfgZXMMPEssspp8vAr32G5U8VnfuIFc=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "eddee7a0b83063ba60c0dd49fc18399b6564559d",
|
||||
"revCount": 36,
|
||||
"rev": "e0cb8c5b8de3f61fbef13c80219715f2e3e5ffb5",
|
||||
"revCount": 39,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
|
||||
},
|
||||
|
||||
31
hosts/vps2/default.nix
Normal file
31
hosts/vps2/default.nix
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
inputs.disko.nixosModules.disko
|
||||
./hardware-configuration.nix
|
||||
./disko-config.nix
|
||||
../server.nix
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
hostPlatform = "x86_64-linux";
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostId = "60de4af8";
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
modules.services.tailscale.isExitNode = true;
|
||||
|
||||
system.stateVersion = "25.05";
|
||||
}
|
||||
55
hosts/vps2/disko-config.nix
Normal file
55
hosts/vps2/disko-config.nix
Normal file
@@ -0,0 +1,55 @@
|
||||
{ lib, ... }:
|
||||
{
|
||||
disko.devices = {
|
||||
disk.disk1 = {
|
||||
device = lib.mkDefault "/dev/sda";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
name = "boot";
|
||||
size = "2M";
|
||||
type = "EF02";
|
||||
};
|
||||
esp = {
|
||||
name = "ESP";
|
||||
size = "300M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "lvm_pv";
|
||||
vg = "pool";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
lvm_vg = {
|
||||
pool = {
|
||||
type = "lvm_vg";
|
||||
lvs = {
|
||||
root = {
|
||||
size = "100%FREE";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
mountOptions = [
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
29
hosts/vps2/hardware-configuration.nix
Normal file
29
hosts/vps2/hardware-configuration.nix
Normal file
@@ -0,0 +1,29 @@
|
||||
{
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"ata_piix"
|
||||
"uhci_hcd"
|
||||
"xen_blkfront"
|
||||
"vmw_pvscsi"
|
||||
];
|
||||
kernelModules = [ "nvme" ];
|
||||
};
|
||||
loader.grub = {
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
tmp.cleanOnBoot = true;
|
||||
};
|
||||
|
||||
zramSwap.enable = true;
|
||||
}
|
||||
@@ -17,6 +17,14 @@ in
|
||||
default = false;
|
||||
example = true;
|
||||
};
|
||||
isExitNode = lib.mkOption {
|
||||
default = false;
|
||||
example = true;
|
||||
};
|
||||
useExitNode = lib.mkOption {
|
||||
default = false;
|
||||
example = true;
|
||||
};
|
||||
restrictSSH = lib.mkOption {
|
||||
default = true;
|
||||
example = true;
|
||||
@@ -37,7 +45,8 @@ in
|
||||
extraUpFlags = [
|
||||
"--login-server"
|
||||
headscale
|
||||
];
|
||||
]
|
||||
++ (if cfg.isExitNode then [ "--advertise-exit-node" ] else [ ]);
|
||||
};
|
||||
|
||||
services.openssh.openFirewall = !cfg.restrictSSH;
|
||||
|
||||
Reference in New Issue
Block a user