author | Jasper Ras <jras@hostnet.nl> | 2025-02-16 21:04:52 +0100 |
---|---|---|
committer | Jasper Ras <jras@hostnet.nl> | 2025-02-16 21:04:52 +0100 |
commit | fad1f2c812eba1a166bd3a28b23f8df7ddcf3218 (patch) | |
tree | c3ab084849839acd1e8c118b658fc77a96120787 /modules | |
parent | b01725eb25f21d55d58862ae38733b0ada99b673 (diff) |
mumbujumbo
Diffstat (limited to 'modules')
-rw-r--r-- | modules/backup/default.nix | 33 | ||||
-rw-r--r-- | modules/backup/disk-config.nix | 52 | ||||
-rw-r--r-- | modules/core/default.nix | 2 | ||||
-rw-r--r-- | modules/core/networking.nix | 1 | ||||
-rw-r--r-- | modules/core/services.nix | 6 | ||||
-rw-r--r-- | modules/snorlax/disk-config.nix | 2 | ||||
-rw-r--r-- | modules/snorlax/networking.nix | 7 |
7 files changed, 94 insertions, 9 deletions
diff --git a/modules/backup/default.nix b/modules/backup/default.nix
new file mode 100644
index 0000000..df34549
--- /dev/null
+++ b/modules/backup/default.nix
@@ -0,0 +1,33 @@
+{ lib, ... }:
+{
+ imports = [
+ ./disk-config.nix
+ ../core
+ ];
+
+ # MEH
+ networking.hostId = "78bc192c";
+
+ system.stateVersion = "24.11";
+ home-manager.users.jras = { home.stateVersion = "24.11"; };
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ time.timeZone = "Europe/Amsterdam";
+
+ services.openssh = {
+ openFirewall = lib.mkForce true;
+ hostKeys = [
+ {
+ path = "/persist/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+ };
+}
diff --git a/modules/backup/disk-config.nix b/modules/backup/disk-config.nix
new file mode 100644
index 0000000..9244686
--- /dev/null
+++ b/modules/backup/disk-config.nix
@@ -0,0 +1,52 @@
+{
+ disko.devices = {
+ disk = {
+ sda = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ compression = "zstd";
+ "com.sun:auto-snapshot" = "false";
+ };
+ mountpoint = "/";
+ postCreateHook = "zfs list -t snap -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
+
+ datasets = {
+ persist = {
+ type = "zfs_fs";
+ mountpoint = "/persist";
+ options."com.sun:auto-snapshot" = "true";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/core/default.nix b/modules/core/default.nix
index 7ec63e4..2640047 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
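Review bot: `services.openssh.openFirewall = lib.mkForce true` in modules/backup/default.nix overrides the `lib.mkDefault false` from modules/core/services.nix, so sshd on the backup host is reachable on every interface the firewall covers, not only over the tailnet that `../core` brings in through `./tailscale.nix`. If reachability from outside the tailnet is not needed, drop the override and allow the port on the Tailscale interface only, for example `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];` (interface name and port assumed; confirm against tailscale.nix). If it is needed, a comment next to the override should say why. The `# MEH` comment above `networking.hostId` explains nothing; `# hostId is required by ZFS and must be unique per machine` would.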
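Review bot: The `zroot` pool in modules/backup/disk-config.nix is created with no ZFS encryption options, and its `persist` dataset is where backup/default.nix keeps the SSH host private keys (`/persist/etc/ssh/...`), so those keys and whatever this backup host stores are in clear text on the disk. Unless the disk is encrypted below the guest, which is not visible here, consider `encryption = "aes-256-gcm";` plus `keyformat` and `keylocation` under `rootFsOptions` so every dataset inherits it. Separately, the disk attribute is named `sda` while `device = "/dev/vda"`; naming it `vda` or `main` would avoid confusion.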
@@ -7,4 +7,6 @@
 ./packages.nix
 ./tailscale.nix
 ];
+
+ programs.mtr.enable = true;
 }
diff --git a/modules/core/networking.nix b/modules/core/networking.nix
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/modules/core/networking.nix
@@ -0,0 +1 @@
+
diff --git a/modules/core/services.nix b/modules/core/services.nix
index f3d1d24..c80bb68 100644
--- a/modules/core/services.nix
+++ b/modules/core/services.nix
@@ -4,7 +4,11 @@
 openssh = {
 enable = true;
 openFirewall = lib.mkDefault false;
- settings.AllowUsers = [ "jras" ];
+ allowSFTP = false;
+ settings = {
+ AllowUsers = [ "jras" ];
+ PermitRootLogin = "no";
+ };
 };
 };
 }
diff --git a/modules/snorlax/disk-config.nix b/modules/snorlax/disk-config.nix
index bf55bc3..9ba9130 100644
--- a/modules/snorlax/disk-config.nix
+++ b/modules/snorlax/disk-config.nix
@@ -9,7 +9,7 @@
 partitions = {
 ESP = {
 type = "EF00";
- size = "64M";
+ size = "500M";
 content = {
 type = "filesystem";
 format = "vfat";
diff --git a/modules/snorlax/networking.nix b/modules/snorlax/networking.nix
index 315a4c2..ec0cdcc 100644
--- a/modules/snorlax/networking.nix
+++ b/modules/snorlax/networking.nix
@@ -3,14 +3,7 @@
 networking.hostName = "snorlax";
 networking.hostId = "1d1ebf34";
- programs.mtr.enable = true;
 services.openssh = {
- enable = true;
- allowSFTP = false;
- settings = {
- PermitRootLogin = "no";
- AllowUsers = [ "jras" ];
- };
 openFirewall = lib.mkForce true;
 hostKeys = [
 { |
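Review bot: The new `settings` block in modules/core/services.nix sets `AllowUsers` and `PermitRootLogin` but leaves password authentication at the NixOS default, which is enabled. With `openFirewall = lib.mkForce true` on both backup and snorlax, the `jras` account is then exposed to password guessing from any network that can reach those hosts. Add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` inside `settings`, unless a module not shown here already sets them. The enclosing `services` attribute set starts above the hunk, so anything declared earlier in the file is not visible in this review.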