prepared the new vps

2025-01-18 17:11:39 +01:00 · 2023-04-12 17:21:24 +02:00 · 2023-04-12 17:21:24 +02:00 · 1cd25fb778
commit 1cd25fb778
parent 534dba6dbe
5 changed files with 102 additions and 3 deletions
--- a/flake.lock
+++ b/flake.lock
@ -143,11 +143,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1681301498,
-        "narHash": "sha256-GVp3UML9MI6gd9RK3Mjkype7/leDfEuWIkou59Iv8Sk=",
+        "lastModified": 1681303095,
+        "narHash": "sha256-0lj5ZGMhXdeYbbQQ5Y0fv0OcKe0zXfn4H2VOn31l/9o=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "a68feb5aa09264beee57a88ee85aefb89680db3b",
+        "rev": "efee6a1cda278b8589bfe335c66d8fb272027bca",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -107,6 +107,15 @@
            sops-nix.nixosModules.sops
          ];
        };
+        falkenstein-1 = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          specialArgs.inputs = attrs;
+          modules = [
+            ./hosts/falkenstein-1
+            ./shared
+            sops-nix.nixosModules.sops
+          ];
+        };
      };
    };
 }
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+{
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./modules/networks
+      ./modules/nginx
+    ];
+
+  boot = {
+    loader = {
+      grub = {
+        enable = true;
+        version = 2;
+        efiSupport = true;
+        efiInstallAsRemovable = true;
+        device = "/dev/sda";
+      };
+      efi.efiSysMountPoint = "/boot/efi";
+    };
+    kernelPackages = pkgs.linuxPackages_latest;
+    #tmpOnTmpfs = true;
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    keyMap = "dvorak";
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    htop-vim
+  ];
+  programs.git = {
+    enable = true;
+    config = {
+      user.name = "Rouven Seifert";
+      user.email = "rouven@rfive.de";
+    };
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    #../../keys/ssh/rouven-thinkpad
+    ../../keys/ssh/rouven-pixel
+    ../../keys/ssh/rouven-smartcard
+  ];
+
+  system.stateVersion = "22.11";
+
+}
+
--- a/hosts/falkenstein-1/modules/networks/default.nix
+++ b/hosts/falkenstein-1/modules/networks/default.nix
@ -0,0 +1,21 @@
+{ config, ... }:
+{
+  networking = {
+    hostName = "nuc";
+    useNetworkd = true;
+    enableIPv6 = true;
+  };
+  systemd.network = {
+    enable = true;
+    networks."10-loopback" = {
+      matchConfig.Name = "lo";
+      linkConfig.RequiredForOnline = false;
+    };
+    networks."10-wired" = {
+      matchConfig.Name = "ens3";
+      networkConfig = {
+        DHCP = "yes";
+      };
+    };
+  };
+}
--- a/hosts/falkenstein-1/modules/nginx/default.nix
+++ b/hosts/falkenstein-1/modules/nginx/default.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.nginx.enable = true;
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "rouven@rfive.de";
+    };
+  };
+}