hosts/helios: add initial disko config

2025-08-23 21:39:28 +01:00
6 changed files with 122 additions and 92 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -229,11 +229,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1756003806,
-        "narHash": "sha256-LnSZjUAXoQ6C4kw5PELOE1cmRzTF7pJ4fdi7E4NZl/E=",
+        "lastModified": 1755874650,
+        "narHash": "sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "99f0c72d0073f7c8057cd41b03aadec3af68fbeb",
+        "rev": "6fafa0409ad451b90db466f900b7549a1890bf1a",
        "type": "github"
      },
      "original": {
@@ -605,11 +605,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1756022257,
-        "narHash": "sha256-BVYvquLQY3VjkqosOrLBPLUo2AwujQGS40DTuHYsYdg=",
+        "lastModified": 1755883465,
+        "narHash": "sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "ced38b1b0f46f9fbdf9d37644d27bdbd2a29af1d",
+        "rev": "0d45b277d6c750377b336034b8adc53eae238d91",
        "type": "github"
      },
      "original": {
@@ -1008,11 +1008,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1755922037,
-        "narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=",
+        "lastModified": 1755704039,
+        "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b1b3291469652d5a2edb0becc4ef0246fff97a7c",
+        "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
        "type": "github"
      },
      "original": {
@@ -1100,11 +1100,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755960406,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "lastModified": 1755879220,
+        "narHash": "sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "3ff4596663c8cbbffe06d863ee4c950bce2c3b78",
        "type": "github"
      },
      "original": {
@@ -1143,11 +1143,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1756051653,
-        "narHash": "sha256-JJkQliqI7zn+esLnKQP82eQEuolNz8IELm/BYGPTvEw=",
+        "lastModified": 1755887038,
+        "narHash": "sha256-HoEMwFfR3rwNxwJjFCbj3rfW8k6EabHuMJAZOwsT95c=",
        "ref": "refs/heads/master",
-        "rev": "01cf200f61946ac9f259f9163933ea1749cb3531",
-        "revCount": 41,
+        "rev": "9e47b557087ebde3a30c9f97189d110c29d144fd",
+        "revCount": 40,
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      },
--- a/hosts/helios/default.nix
+++ b/hosts/helios/default.nix
@@ -1,4 +1,5 @@
 {
+  inputs,
  pkgs,
  lib,
  ...
@@ -9,7 +10,9 @@ let
 in
 {
  imports = [
+    inputs.disko.nixosModules.disko
    ./hardware-configuration.nix
+    ./disko-config.nix
    ../desktop.nix
    ../../users/jordan
  ];
--- a/hosts/helios/disko-config.nix
+++ b/hosts/helios/disko-config.nix
@@ -0,0 +1,101 @@
+{ ... }:
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/disk/by-id/ata-SanDisk_Ultra_II_480GB_162224802391";
+        content = {
+          type = "gpt";
+          partitions = {
+            MBR = {
+              size = "1M";
+              type = "EF02"; # For GRUB MBR
+            };
+            boot = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "rpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      rpool = {
+        type = "zpool";
+        options = {
+          ashift = "12";
+        };
+        rootFsOptions = {
+          compression = "zstd";
+          acltype = "posix";
+          atime = "off";
+          xattr = "sa";
+          dnodesize = "auto";
+          mountpoint = "none";
+          canmount = "off";
+          devices = "off";
+          exec = "off";
+          setuid = "off";
+        };
+        datasets = {
+          "local" = {
+            type = "zfs_fs";
+          };
+          "local/root" = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options = {
+              canmount = "noauto";
+              mountpoint = "/";
+              exec = "on";
+              setuid = "on";
+            };
+            postCreateHook = "zfs snapshot rpool/local/root@blank";
+          };
+          "local/nix" = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+            options = {
+              canmount = "noauto";
+              mountpoint = "/nix";
+              exec = "on";
+              setuid = "on";
+            };
+          };
+          "local/state" = {
+            type = "zfs_fs";
+            mountpoint = "/state";
+            options = {
+              canmount = "noauto";
+              mountpoint = "/state";
+            };
+          };
+          "safe" = {
+            type = "zfs_fs";
+          };
+          "safe/persist" = {
+            type = "zfs_fs";
+            mountpoint = "/persist";
+            options = {
+              canmount = "noauto";
+              mountpoint = "/persist";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/vps1/README.md
+++ b/hosts/vps1/README.md
@@ -6,8 +6,8 @@ VPS hosted in OVH.

 ## Specs

- CPU - 4 vCores
- Memory - 4 GB
+- CPU - ??
+- Memory - ??

 ### Disks

--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -12,7 +12,6 @@
    ./matrix.nix
    ./nginx.nix
    ./photoprism.nix
-    ./vaultwarden.nix
    ../server.nix
  ];

--- a/hosts/vps1/vaultwarden.nix
+++ b/hosts/vps1/vaultwarden.nix
@@ -1,73 +0,0 @@
-{
-  inputs,
-  config,
-  lib,
-  ...
-}:
-let
-  inherit (lib)
-    mkForce
-    ;
-  baseDomain = "vimium.com";
-  domain = "vaultwarden.${baseDomain}";
-in
-{
-  age.secrets."files/services/vaultwarden/envfile" = {
-    file = "${inputs.secrets}/files/services/vaultwarden/envfile.age";
-  };
-
-  services.vaultwarden = {
-    enable = true;
-    dbBackend = "sqlite";
-    backupDir = "/var/cache/vaultwarden-backup";
-    config = {
-      dataFolder = mkForce "/var/lib/vaultwarden";
-      useSysLog = true;
-      webVaultEnabled = true;
-
-      rocketPort = 8222;
-
-      signupsAllowed = false;
-      passwordIterations = 1000000;
-      invitationsAllowed = true;
-      invitationOrgName = "Vaultwarden";
-      domain = "https://${domain}";
-    };
-    environmentFile = config.age.secrets."files/services/vaultwarden/envfile".path;
-  };
-
-  services.nginx.virtualHosts = {
-    "${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
-        proxyWebsockets = true;
-      };
-    };
-  };
-
-  systemd.services.backup-vaultwarden.environment.DATA_FOLDER = mkForce "/var/lib/vaultwarden";
-  systemd.services.vaultwarden.serviceConfig = {
-    StateDirectory = mkForce "vaultwarden";
-    RestartSec = "60";
-  };
-
-  environment.persistence."/persist".directories = [
-    {
-      directory = "/var/lib/vaultwarden";
-      user = "vaultwarden";
-      group = "vaultwarden";
-      mode = "0700";
-    }
-  ];
-
-  environment.persistence."/state".directories = [
-    {
-      directory = config.services.vaultwarden.backupDir;
-      user = "vaultwarden";
-      group = "vaultwarden";
-      mode = "0700";
-    }
-  ];
-}