author | Jasper Ras <jaspert.ras@gmail.com> | 2025-02-01 14:57:39 +0100 |
---|---|---|
committer | Jasper Ras <jaspert.ras@gmail.com> | 2025-02-01 14:57:39 +0100 |
commit | 24eb87d36b150f6364b843bbd9483c8586755354 (patch) | |
tree | 21a5153db1abf964005d54278c867485e3d5524c | |
parent | 6906281953c068a16ef4da4f2febacf2ef171610 (diff) |
roles & snorlex
-rw-r--r-- | hosts/disk-config/zfs-impermanence.nix | 80 | ||||
-rw-r--r-- | hosts/hardware-configuration/snorlex.nix | 32 | ||||
-rw-r--r-- | hosts/snorlex.nix | 9 | ||||
-rw-r--r-- | hosts/tarreltaart.nix | 51 | ||||
-rw-r--r-- | roles/base.nix | 4 | ||||
-rw-r--r-- | roles/desktop.nix | 1 | ||||
-rw-r--r-- | roles/git-server.nix | 9 | ||||
-rw-r--r-- | roles/server.nix | 41 |
8 files changed, 187 insertions, 40 deletions
diff --git a/hosts/disk-config/zfs-impermanence.nix b/hosts/disk-config/zfs-impermanence.nix
new file mode 100644
index 0000000..9087825
--- /dev/null
+++ b/hosts/disk-config/zfs-impermanence.nix
@@ -0,0 +1,80 @@
+# USAGE in your configuration.nix.
+# Update devices to match your hardware.
+# {
+# imports = [ ./disko-config.nix ];
+# disko.devices.disk.main.device = "/dev/sda";
+# }
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ # https://wiki.archlinux.org/title/Install_Arch_Linux_on_ZFS
+ acltype = "posixacl";
+ atime = "off";
+ compression = "zstd";
+ mountpoint = "none";
+ xattr = "sa";
+ };
+ options.ashift = "12";
+
+ datasets = {
+ "local" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "local/home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ # Used by services.zfs.autoSnapshot options.
+ options."com.sun:auto-snapshot" = "true";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options."com.sun:auto-snapshot" = "false";
+ };
+ "local/persist" = {
+ type = "zfs_fs";
+ mountpoint = "/persist";
+ options."com.sun:auto-snapshot" = "false";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ options."com.sun:auto-snapshot" = "false";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/local/root@blank$' || zfs snapshot zroot/local/root@blank";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/hardware-configuration/snorlex.nix b/hosts/hardware-configuration/snorlex.nix
new file mode 100644
index 0000000..77df044
--- /dev/null
+++ b/hosts/hardware-configuration/snorlex.nix
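Review bot: The usage header of `hosts/disk-config/zfs-impermanence.nix` still points at `./disko-config.nix`, and nothing in the hunk says how the `zroot/local/root@blank` snapshot created by `postCreateHook` is used. No host in this commit imports the file and no rollback to that snapshot is visible in the diff, so unless that lives elsewhere `/` is never actually reset. I would correct the header to `imports = [ ./disk-config/zfs-impermanence.nix ];` and put `# rolled back to in the initrd on every boot; /persist needs fileSystems."/persist".neededForBoot = true` above the hook. The datasets also set no encryption options, which deserves a deliberate comment, since `/persist` and `/home` presumably hold whatever state survives a reboot.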
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "uas" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/f8724a86-f440-49a2-a6df-8183b451449c";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/snorlex.nix b/hosts/snorlex.nix
new file mode 100644
index 0000000..9ba6e6c
--- /dev/null
+++ b/hosts/snorlex.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ imports = [
+ ./hardware-configuration/snorlex.nix
+ ../roles/server.nix
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/tarreltaart.nix b/hosts/tarreltaart.nix
index edcb5fd..42461f6 100644
--- a/hosts/tarreltaart.nix
+++ b/hosts/tarreltaart.nix
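Review bot: `hosts/snorlex.nix` sets neither `networking.hostName` nor a boot loader, whereas the reworked `hosts/tarreltaart.nix` in this same commit sets both per host. Unless the flake or a module outside this diff supplies them, the machine gets the default hostname, and the GRUB install-device assertion will probably fail evaluation. I would add `networking.hostName = "snorlex";` and an explicit `boot.loader.*` choice here, with a one-line comment if they are intentionally set elsewhere.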
@@ -1,45 +1,16 @@ -{ pkgs, ... }: +{ ... }: { - imports = [ ./hardware-configuration/tarreltaart.nix ]; - # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) - boot.loader.grub.enable = false; - # Enables the generation of /boot/extlinux/extlinux.conf - boot.loader.generic-extlinux-compatible.enable = true; - - networking.hostName = "tarreltaart"; # Define your hostname. - time.timeZone = "Europe/Amsterdam"; - - users.users.jras = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ - tree - ]; - }; - users.users.git.isNormalUser = true; + imports = [ + ./hardware-configuration/tarreltaart.nix + ../roles/server.nix + ../roles/git-server.nix + ]; - environment.systemPackages = with pkgs; [ - git - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget - ]; - programs.mtr.enable = true; - services.openssh = { - enable = true; - allowSFTP = false; - settings = { - PermitRootLogin = "no"; - AllowUsers = [ "jras" "git" ]; - }; - }; - services.gitea = { - enable = true; - appName = "JAP56 Git Server"; - }; + system.stateVersion = "24.11"; - networking.firewall.allowedTCPPorts = [ 22 ]; - - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "24.11"; # Did you read the comment? + networking.hostName = "tarreltaart"; + time.timeZone = "Europe/Amsterdam"; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; } diff --git a/roles/base.nix b/roles/base.nix new file mode 100644 index 0000000..6fc0d24 --- /dev/null +++ b/roles/base.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + nixpkgs.config.allowUnfree = true; +} diff --git a/roles/desktop.nix b/roles/desktop.nix new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/roles/desktop.nix @@ -0,0 +1 @@ + 
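Review bot: `nixpkgs.config.allowUnfree = true;` in `roles/base.nix` applies to every host that imports a role, servers included, so any unfree package pulled in later is accepted without a visible decision. If only specific packages need it, `nixpkgs.config.allowUnfreePredicate` with an explicit name list keeps that choice reviewable. At a minimum, add a comment naming the package that requires it.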
diff --git a/roles/git-server.nix b/roles/git-server.nix
new file mode 100644
index 0000000..aea0b18
--- /dev/null
+++ b/roles/git-server.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ users.users.git.isNormalUser = true;
+ services.openssh.AllowUsers = [ "git" ];
+ services.gitea = {
+ enable = true;
+ appName = "JAP56 Git Server";
+ };
+}
diff --git a/roles/server.nix b/roles/server.nix
new file mode 100644
index 0000000..c7321ee
--- /dev/null
+++ b/roles/server.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+{
+ imports = [ ./base.nix ];
+
+ users.users.jras = {
+ createHome = true;
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [ git helix curl ];
+ };
+
+ programs.mtr.enable = true;
+
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ settings = {
+ PermitRootLogin = "no";
+ AllowUsers = [ "jras" ];
+ };
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nl_NL.UTF-8";
+ LC_IDENTIFICATION = "nl_NL.UTF-8";
+ LC_MEASUREMENT = "nl_NL.UTF-8";
+ LC_MONETARY = "nl_NL.UTF-8";
+ LC_NAME = "nl_NL.UTF-8";
+ LC_NUMERIC = "nl_NL.UTF-8";
+ LC_PAPER = "nl_NL.UTF-8";
+ LC_TELEPHONE = "nl_NL.UTF-8";
+ LC_TIME = "nl_NL.UTF-8";
+ };
+
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "";
+ };
+}
|
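Review bot: `services.openssh.AllowUsers = [ "git" ];` in `roles/git-server.nix` uses a different path from the rest of this commit, where `roles/server.nix` and the removed tarreltaart block both put it under `services.openssh.settings`. As far as I know NixOS has no top-level `AllowUsers` option, so this should fail evaluation. It should read `services.openssh.settings.AllowUsers = [ "git" ];`, which then merges with the `[ "jras" ]` list from the server role. Separately, `services.gitea` runs under its own service user by default, so a comment on what the normal `git` login account is for would help; an extra account that sshd admits only widens the login surface if nothing uses it.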
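Review bot: The `services.openssh.settings` block in `roles/server.nix` restricts users and root login but leaves password authentication at its default, and the hunk declares no `openssh.authorizedKeys.keys` for `jras`, who is in `wheel`. For a role shared by every server I would add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` to `settings` and declare the public key on the user. Also, `shell = pkgs.zsh;` normally needs `programs.zsh.enable = true;`, or the user-shell assertion trips. The `services.xserver.layout` and `xkbVariant` lines look out of place in a server role; newer releases name them `services.xserver.xkb.layout` and `xkb.variant`.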