diff options
| author | Jasper Ras <jras@hostnet.nl> | 2025-02-16 11:28:10 +0100 |
|---|---|---|
| committer | Jasper Ras <jras@hostnet.nl> | 2025-02-16 19:39:02 +0100 |
| commit | b01725eb25f21d55d58862ae38733b0ada99b673 (patch) | |
| tree | af9b1d74de6fc67e26b1893ea818545f15ea9c7a /modules | |
| parent | 70764cf615fd89b7ab77532ed23c18c073c5d245 (diff) | |
impermanence preps
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/snorlax/default.nix | 13 | ||||
| -rw-r--r-- | modules/snorlax/disk-config.nix | 10 | ||||
| -rw-r--r-- | modules/snorlax/git.nix | 2 | ||||
| -rw-r--r-- | modules/snorlax/networking.nix | 25 | ||||
| -rw-r--r-- | modules/snorlax/nginx.nix | 6 | ||||
| -rw-r--r-- | modules/snorlax/samba.nix | 2 |
6 files changed, 34 insertions, 24 deletions
diff --git a/modules/snorlax/default.nix b/modules/snorlax/default.nix index 359ee8d..cbc0430 100644 --- a/modules/snorlax/default.nix +++ b/modules/snorlax/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ ... }: { imports = [ ./disk-config.nix @@ -18,16 +18,5 @@ time.timeZone = "Europe/Amsterdam"; - programs.mtr.enable = true; - services.openssh = { - enable = true; - allowSFTP = false; - settings = { - PermitRootLogin = "no"; - AllowUsers = [ "jras" ]; - }; - openFirewall = lib.mkForce true; - }; - home-manager.users.jras = { home.stateVersion = "24.11"; }; } diff --git a/modules/snorlax/disk-config.nix b/modules/snorlax/disk-config.nix index 9bac5f0..bf55bc3 100644 --- a/modules/snorlax/disk-config.nix +++ b/modules/snorlax/disk-config.nix @@ -40,15 +40,9 @@ postCreateHook = "zfs list -t snap -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - git = { + persist = { type = "zfs_fs"; - mountpoint = "/var/lib/git"; - options."com.sun:auto-snapshot" = "true"; - }; - - samba = { - type = "zfs_fs"; - mountpoint = "/srv/samba"; + mountpoint = "/persist"; options."com.sun:auto-snapshot" = "true"; }; }; diff --git a/modules/snorlax/git.nix b/modules/snorlax/git.nix index a24c26a..188461d 100644 --- a/modules/snorlax/git.nix +++ b/modules/snorlax/git.nix @@ -1,6 +1,6 @@ { lib, pkgs, ... }: let - home = "/var/lib/git"; + home = "/persist/var/lib/git"; repos = { nixos = { path = "${home}/nixos.git"; diff --git a/modules/snorlax/networking.nix b/modules/snorlax/networking.nix index daca7af..315a4c2 100644 --- a/modules/snorlax/networking.nix +++ b/modules/snorlax/networking.nix @@ -1,7 +1,30 @@ -{ ... }: +{ lib, ... }: { networking.hostName = "snorlax"; networking.hostId = "1d1ebf34"; + + programs.mtr.enable = true; + services.openssh = { + enable = true; + allowSFTP = false; + settings = { + PermitRootLogin = "no"; + AllowUsers = [ "jras" ]; + }; + openFirewall = lib.mkForce true; + hostKeys = [ + { + path = "/persist/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + { + path = "/persist/etc/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + ]; + }; + # networking.useNetworkd = true; # systemd.network.enable = true; diff --git a/modules/snorlax/nginx.nix b/modules/snorlax/nginx.nix index cc38496..bb09cd2 100644 --- a/modules/snorlax/nginx.nix +++ b/modules/snorlax/nginx.nix @@ -11,11 +11,15 @@ onlySSL = true; kTLS = true; enableACME = true; - root = "/srv/www/jras.nl"; + root = "/persist/srv/www/jras.nl"; }; }; }; security.acme.defaults.email = "jaspert.ras@gmail.com"; security.acme.acceptTerms = true; + + systemd.tmpfiles.rules = [ + "L /var/lib/acme - - - - /persist/var/lib/acme" + ]; } diff --git a/modules/snorlax/samba.nix b/modules/snorlax/samba.nix index 44a4be9..c7b692b 100644 --- a/modules/snorlax/samba.nix +++ b/modules/snorlax/samba.nix @@ -17,7 +17,7 @@ }; photos = { - "path" = "/srv/samba/photos"; + "path" = "/persist/srv/samba/photos"; "browseable" = "yes"; "read only" = "no"; "guest ok" = "yes"; |