hosts/helios: add initial disko config

2025-08-23 21:39:28 +01:00
6 changed files with 122 additions and 92 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -229,11 +229,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1756003806,
+        "lastModified": 1755874650,
-        "narHash": "sha256-LnSZjUAXoQ6C4kw5PELOE1cmRzTF7pJ4fdi7E4NZl/E=",
+        "narHash": "sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "99f0c72d0073f7c8057cd41b03aadec3af68fbeb",
+        "rev": "6fafa0409ad451b90db466f900b7549a1890bf1a",
        "type": "github"
      },
      "original": {
@@ -605,11 +605,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1756022257,
+        "lastModified": 1755883465,
-        "narHash": "sha256-BVYvquLQY3VjkqosOrLBPLUo2AwujQGS40DTuHYsYdg=",
+        "narHash": "sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "ced38b1b0f46f9fbdf9d37644d27bdbd2a29af1d",
+        "rev": "0d45b277d6c750377b336034b8adc53eae238d91",
        "type": "github"
      },
      "original": {
@@ -1008,11 +1008,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1755922037,
+        "lastModified": 1755704039,
-        "narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=",
+        "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b1b3291469652d5a2edb0becc4ef0246fff97a7c",
+        "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
        "type": "github"
      },
      "original": {
@@ -1100,11 +1100,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755960406,
+        "lastModified": 1755879220,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "narHash": "sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "3ff4596663c8cbbffe06d863ee4c950bce2c3b78",
        "type": "github"
      },
      "original": {
@@ -1143,11 +1143,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1756051653,
+        "lastModified": 1755887038,
-        "narHash": "sha256-JJkQliqI7zn+esLnKQP82eQEuolNz8IELm/BYGPTvEw=",
+        "narHash": "sha256-HoEMwFfR3rwNxwJjFCbj3rfW8k6EabHuMJAZOwsT95c=",
        "ref": "refs/heads/master",
-        "rev": "01cf200f61946ac9f259f9163933ea1749cb3531",
+        "rev": "9e47b557087ebde3a30c9f97189d110c29d144fd",
-        "revCount": 41,
+        "revCount": 40,
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      },
--- a/hosts/helios/default.nix
+++ b/hosts/helios/default.nix
@@ -1,4 +1,5 @@
 {
  inputs,
  pkgs,
  lib,
  ...
@@ -9,7 +10,9 @@ let
 in
 {
  imports = [
    inputs.disko.nixosModules.disko
    ./hardware-configuration.nix
    ./disko-config.nix
    ../desktop.nix
    ../../users/jordan
  ];
--- a/hosts/helios/disko-config.nix
+++ b/hosts/helios/disko-config.nix
@@ -0,0 +1,101 @@
 { ... }:
 {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/disk/by-id/ata-SanDisk_Ultra_II_480GB_162224802391";
        content = {
          type = "gpt";
          partitions = {
            MBR = {
              size = "1M";
              type = "EF02"; # For GRUB MBR
            };
            boot = {
              size = "500M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "rpool";
              };
            };
          };
        };
      };
    };
    zpool = {
      rpool = {
        type = "zpool";
        options = {
          ashift = "12";
        };
        rootFsOptions = {
          compression = "zstd";
          acltype = "posix";
          atime = "off";
          xattr = "sa";
          dnodesize = "auto";
          mountpoint = "none";
          canmount = "off";
          devices = "off";
          exec = "off";
          setuid = "off";
        };
        datasets = {
          "local" = {
            type = "zfs_fs";
          };
          "local/root" = {
            type = "zfs_fs";
            mountpoint = "/";
            options = {
              canmount = "noauto";
              mountpoint = "/";
              exec = "on";
              setuid = "on";
            };
            postCreateHook = "zfs snapshot rpool/local/root@blank";
          };
          "local/nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
            options = {
              canmount = "noauto";
              mountpoint = "/nix";
              exec = "on";
              setuid = "on";
            };
          };
          "local/state" = {
            type = "zfs_fs";
            mountpoint = "/state";
            options = {
              canmount = "noauto";
              mountpoint = "/state";
            };
          };
          "safe" = {
            type = "zfs_fs";
          };
          "safe/persist" = {
            type = "zfs_fs";
            mountpoint = "/persist";
            options = {
              canmount = "noauto";
              mountpoint = "/persist";
            };
          };
        };
      };
    };
  };
 }
--- a/hosts/vps1/README.md
+++ b/hosts/vps1/README.md
@@ -6,8 +6,8 @@ VPS hosted in OVH.
 ## Specs
- CPU - 4 vCores
+- CPU - ??
- Memory - 4 GB
+- Memory - ??
 ### Disks
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -12,7 +12,6 @@
    ./matrix.nix
    ./nginx.nix
    ./photoprism.nix
    ./vaultwarden.nix
    ../server.nix
  ];
--- a/hosts/vps1/vaultwarden.nix
+++ b/hosts/vps1/vaultwarden.nix
@@ -1,73 +0,0 @@
 {
  inputs,
  config,
  lib,
  ...
 }:
 let
  inherit (lib)
    mkForce
    ;
  baseDomain = "vimium.com";
  domain = "vaultwarden.${baseDomain}";
 in
 {
  age.secrets."files/services/vaultwarden/envfile" = {
    file = "${inputs.secrets}/files/services/vaultwarden/envfile.age";
  };
  services.vaultwarden = {
    enable = true;
    dbBackend = "sqlite";
    backupDir = "/var/cache/vaultwarden-backup";
    config = {
      dataFolder = mkForce "/var/lib/vaultwarden";
      useSysLog = true;
      webVaultEnabled = true;
      rocketPort = 8222;
      signupsAllowed = false;
      passwordIterations = 1000000;
      invitationsAllowed = true;
      invitationOrgName = "Vaultwarden";
      domain = "https://${domain}";
    };
    environmentFile = config.age.secrets."files/services/vaultwarden/envfile".path;
  };
  services.nginx.virtualHosts = {
    "${domain}" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
        proxyWebsockets = true;
      };
    };
  };
  systemd.services.backup-vaultwarden.environment.DATA_FOLDER = mkForce "/var/lib/vaultwarden";
  systemd.services.vaultwarden.serviceConfig = {
    StateDirectory = mkForce "vaultwarden";
    RestartSec = "60";
  };
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/vaultwarden";
      user = "vaultwarden";
      group = "vaultwarden";
      mode = "0700";
    }
  ];
  environment.persistence."/state".directories = [
    {
      directory = config.services.vaultwarden.backupDir;
      user = "vaultwarden";
      group = "vaultwarden";
      mode = "0700";
    }
  ];
 }