From 51044e15eb655db1dd763e85c4ff86ba5878b54f Mon Sep 17 00:00:00 2001 From: Bun Date: Fri, 6 Jun 2025 14:54:14 -0400 Subject: [PATCH] Add two new servers --- flake.nix | 7 +- hosts/detritus/boot/default.nix | 5 +- hosts/detritus/default.nix | 9 +- hosts/detritus/disko/default.nix | 16 +-- hosts/detritus/filesystems/default.nix | 5 +- hosts/detritus/id_ed25519.pub | 1 - hosts/detritus/user/default.nix | 11 -- hosts/elder/boot/default.nix | 11 ++ hosts/elder/default.nix | 20 ++++ hosts/elder/disko/default.nix | 100 ++++++++++++++++++ hosts/elder/filesystems/default.nix | 16 +++ hosts/elder/hardware/default.nix | 23 ++++ hosts/intuos/default.nix | 1 - hosts/intuos/filesystems/default.nix | 9 -- hosts/jupiter/filesystems/default.nix | 5 - hosts/kitty/filesystems/default.nix | 4 +- hosts/kitty/id_ed25519.pub | 1 - hosts/midas/filesystems/default.nix | 4 +- hosts/midas/id_ed25519.pub | 1 - hosts/prophet/filesystems/default.nix | 4 +- hosts/prophet/id_ed25519.pub | 1 - hosts/tower/filesystems/default.nix | 5 - .../home/programs/terminal/ssh/default.nix | 6 +- .../devices/networking/mounts/default.nix | 15 ++- modules/system/users/main/default.nix | 6 -- 25 files changed, 208 insertions(+), 78 deletions(-) delete mode 100644 hosts/detritus/id_ed25519.pub delete mode 100644 hosts/detritus/user/default.nix create mode 100644 hosts/elder/boot/default.nix create mode 100644 hosts/elder/default.nix create mode 100644 hosts/elder/disko/default.nix create mode 100644 hosts/elder/filesystems/default.nix create mode 100644 hosts/elder/hardware/default.nix delete mode 100644 hosts/intuos/filesystems/default.nix delete mode 100644 hosts/kitty/id_ed25519.pub delete mode 100644 hosts/midas/id_ed25519.pub delete mode 100644 hosts/prophet/id_ed25519.pub diff --git a/flake.nix b/flake.nix index e0e28421..f173daa3 100644 --- a/flake.nix +++ b/flake.nix 
@@ -72,7 +72,7 @@ # Desktops tower.imports = [ ./hosts/tower ]; - #detritus.imports = [ ./hosts/detritus ]; + hidden.imports = [ ./hosts/hidden ]; # Laptops intuos.imports = [ ./hosts/intuos ]; @@ -81,10 +81,9 @@ # Servers midas.imports = [ ./hosts/midas ]; kitty.imports = [ ./hosts/kitty ]; + elder.imports = [ ./hosts/elder ]; + detritus.imports = [ ./hosts/detritus ]; prophet.imports = [ ./hosts/prophet ]; - - # Misc - hidden.imports = [ ./hosts/hidden ]; }; } diff --git a/hosts/detritus/boot/default.nix b/hosts/detritus/boot/default.nix index 1edfa6e4..de4af487 100644 --- a/hosts/detritus/boot/default.nix +++ b/hosts/detritus/boot/default.nix @@ -1,10 +1,11 @@ -{ ... }: +{ pkgs, ... }: { boot = { + kernelPackages = pkgs.linuxPackages_hardened; kernelParams = [ "amdgpu.si_support=1" "radeon.si_support=0" ]; - lanzaboote.enable = true; + loader.systemd-boot.enable = true; }; } diff --git a/hosts/detritus/default.nix b/hosts/detritus/default.nix index 67070617..8f265437 100644 --- a/hosts/detritus/default.nix +++ b/hosts/detritus/default.nix @@ -5,13 +5,16 @@ ./disko ./filesystems ./hardware - ./user ]; system = { - nixos.tags = [ "pc" ]; + nixos.tags = [ "server" ]; stateVersion = "25.05"; }; - deployment.targetHost = ""; + deployment.targetHost = "5dd:9cd7:f286:e2c7:4c3b:c2e1:7832:97a3"; + + networking.hostId = "0917a5c1"; + + services.nfs.server.enable = true; } diff --git a/hosts/detritus/disko/default.nix b/hosts/detritus/disko/default.nix index 4d195170..69872c6c 100644 --- a/hosts/detritus/disko/default.nix +++ b/hosts/detritus/disko/default.nix @@ -24,17 +24,11 @@ mountOptions = [ "umask=0077" ]; }; }; - luks = { + main = { size = "100%"; content = { - type = "luks"; - name = "${config.networking.hostName}-disk"; - settings.allowDiscards = true; - passwordFile = "/tmp/secret.key"; - content = { - type = "lvm_pv"; - vg = "${config.networking.hostName}"; - }; + type = "lvm_pv"; + vg = "${config.networking.hostName}"; }; }; }; 
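Review bot: In hosts/detritus/boot/default.nix the switch from `lanzaboote.enable = true;` to `loader.systemd-boot.enable = true;` drops the Secure Boot signing that lanzaboote provided, and the commit gives no reason for it. Together with the LUKS removal in hosts/detritus/disko/default.nix, neither the boot chain nor the disk is protected against someone with physical access, and `linuxPackages_hardened` does not make up for that. If this is an accepted trade-off (for example so the machine can reboot unattended), a one-line comment above the loader line stating the reason would record it. The `amdgpu.si_support`/`radeon.si_support` parameters are kept although the host is now tagged `server`; worth confirming they are still needed.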
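Review bot: `services.nfs.server.enable = true;` is added in hosts/detritus/default.nix (and again in the new hosts/elder/default.nix) with no export list or firewall rule visible in this commit, so which clients can reach the share cannot be checked from here. The mounts module refers to `[${detritus.config.deployment.targetHost}]:/storage`, so an export presumably exists in a shared module. If so, a pointer next to this line would help, e.g. `# exports and allowed clients: see <path of the module that defines them>`. If nothing restricts the export to the other hosts' addresses, that restriction should be added before these servers are deployed.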
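Review bot: The new `main` partition in hosts/detritus/disko/default.nix puts `lvm_pv` directly on the partition, so the volumes in that group, including `/persist` and swap, are no longer encrypted at rest. The new hosts/elder/disko/default.nix is written the same way. `/persist` is the impermanence store and presumably holds host keys and other long-lived state, so a pulled or discarded disk would expose it. If booting without a passphrase is the reason, say so on the partition, for example `# Unencrypted on purpose: server must boot without a passphrase`; otherwise keep the `luks` layer. The partition set starts and ends outside the hunk.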
@@ -78,7 +72,7 @@ # Impermanence "/persist" = { mountpoint = "/persist"; - mountOptions = [ + mountOptions = [ "compress=zstd" "ssd" ]; @@ -90,7 +84,7 @@ }; }; swap = { - size = "8G"; + size = "2G"; content = { type = "swap"; discardPolicy = "both"; diff --git a/hosts/detritus/filesystems/default.nix b/hosts/detritus/filesystems/default.nix index 8d38c55d..57f1c404 100644 --- a/hosts/detritus/filesystems/default.nix +++ b/hosts/detritus/filesystems/default.nix @@ -11,9 +11,6 @@ ]; }; - # Network mounts - "kitty".enable = true; - "midas".enable = true; - "prophet".enable = true; + "detritus".enable = false; }; } diff --git a/hosts/detritus/id_ed25519.pub b/hosts/detritus/id_ed25519.pub deleted file mode 100644 index c35b9e57..00000000 --- a/hosts/detritus/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBQE+a1E88+ELJ5cDOMPlc9lnV1ysVndchgJ4MxCjeWd diff --git a/hosts/detritus/user/default.nix b/hosts/detritus/user/default.nix deleted file mode 100644 index 834704d5..00000000 --- a/hosts/detritus/user/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, pkgs, ... }: -{ - home-manager.users."${config.vars.mainUser}" = { - home = { - desktop.enable = true; - gaming.enable = true; - }; - - wayland.windowManager.sway.package = pkgs.swayfx; - }; -} diff --git a/hosts/elder/boot/default.nix b/hosts/elder/boot/default.nix new file mode 100644 index 00000000..20a7f4e7 --- /dev/null +++ b/hosts/elder/boot/default.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: +{ + boot = { + kernelPackages = pkgs.linuxPackages_hardened; + kernelParams = [ + "amdgpu.si_support=1" + "radeon.si_support=0" + ]; + loader.grub.enable = true; + }; +} diff --git a/hosts/elder/default.nix b/hosts/elder/default.nix new file mode 100644 index 00000000..648248ee --- /dev/null +++ b/hosts/elder/default.nix 
@@ -0,0 +1,20 @@ +{ ... }: +{ + imports = [ + ./boot + ./disko + ./filesystems + ./hardware + ]; + + system = { + nixos.tags = [ "server" ]; + stateVersion = "25.05"; + }; + + deployment.targetHost = "570:3651:7f2:c26b:bccd:725b:be00:8a18"; + + networking.hostId = "447645a9"; + + services.nfs.server.enable = true; +} diff --git a/hosts/elder/disko/default.nix b/hosts/elder/disko/default.nix new file mode 100644 index 00000000..2191e808 --- /dev/null +++ b/hosts/elder/disko/default.nix @@ -0,0 +1,100 @@ +{ config, disko, ... }: +{ + imports = [ disko.nixosModules.disko ]; + + disko.devices = { + disk = { + "${config.networking.hostName}" = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + }; + ESP = { + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + main = { + size = "100%"; + content = { + type = "lvm_pv"; + vg = "${config.networking.hostName}"; + }; + }; + }; + }; + }; + }; + + lvm_vg = { + "${config.networking.hostName}" = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "compress=zstd" + "ssd" + ]; + }; + "/prev" = { + mountpoint = "/prev"; + mountOptions = [ + "compress=zstd" + "noexec" + "ssd" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "compress=zstd" + "ssd" + ]; + }; + + # Impermanence + "/persist" = { + mountpoint = "/persist"; + mountOptions = [ + "compress=zstd" + "ssd" + ]; + }; + "/persist/.snapshots" = { }; + "/persist/home" = { }; + "/persist/home/.snapshots" = { }; + }; + }; + }; + swap = { + size = "8G"; + content = { + type = "swap"; + discardPolicy = "both"; + }; + }; + }; + }; + }; + }; + + # Needed for impermanence + fileSystems."/persist".neededForBoot = true; +} 
diff --git a/hosts/elder/filesystems/default.nix b/hosts/elder/filesystems/default.nix new file mode 100644 index 00000000..0c254c44 --- /dev/null +++ b/hosts/elder/filesystems/default.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + fileSystems = { + "/persist/storage" = { + device = "/dev/disk/by-uuid/5c3c533b-1c70-4411-854a-37fa794fc17c"; + fsType = "btrfs"; + options = [ + "nofail" + "nosuid" + "subvol=storage" + ]; + }; + + "elder".enable = false; + }; +} diff --git a/hosts/elder/hardware/default.nix b/hosts/elder/hardware/default.nix new file mode 100644 index 00000000..6dcb3faa --- /dev/null +++ b/hosts/elder/hardware/default.nix @@ -0,0 +1,23 @@ +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "ahci" + "ehci_pci" + "sd_mod" + "sr_mod" + "uhci_hcd" + "usbhid" + ]; + kernelModules = [ "dm-snapshot" ]; + }; + kernelModules = [ "kvm-intel" ]; + }; + + hardware.cpu.intel.updateMicrocode = true; + + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/hosts/intuos/default.nix b/hosts/intuos/default.nix index f33170b8..4e3a9f3b 100644 --- a/hosts/intuos/default.nix +++ b/hosts/intuos/default.nix @@ -3,7 +3,6 @@ imports = [ ./boot ./disko - ./filesystems ./hardware ./user ]; diff --git a/hosts/intuos/filesystems/default.nix b/hosts/intuos/filesystems/default.nix deleted file mode 100644 index ee9adee1..00000000 --- a/hosts/intuos/filesystems/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - fileSystems = { - # Network mounts - "kitty".enable = true; - "midas".enable = true; - "prophet".enable = true; - }; -} diff --git a/hosts/jupiter/filesystems/default.nix b/hosts/jupiter/filesystems/default.nix index 33a063c6..7f734c26 100644 --- a/hosts/jupiter/filesystems/default.nix +++ b/hosts/jupiter/filesystems/default.nix 
@@ -9,10 +9,5 @@ "nosuid" ]; }; - - # Network mounts - "kitty".enable = !config.system.steamdeck.enable; - "midas".enable = !config.system.steamdeck.enable; - "prophet".enable = !config.system.steamdeck.enable; }; } diff --git a/hosts/kitty/filesystems/default.nix b/hosts/kitty/filesystems/default.nix index c23bf7ca..2ed8bf2c 100644 --- a/hosts/kitty/filesystems/default.nix +++ b/hosts/kitty/filesystems/default.nix @@ -10,8 +10,6 @@ ]; }; - # Network mounts - "midas".enable = true; - "prophet".enable = true; + "kitty".enable = false; }; } diff --git a/hosts/kitty/id_ed25519.pub b/hosts/kitty/id_ed25519.pub deleted file mode 100644 index 0b6823a8..00000000 --- a/hosts/kitty/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOBa+Wz1FqFEnMeXflP0CPt2wnN819T+FdSCIwFLJjN diff --git a/hosts/midas/filesystems/default.nix b/hosts/midas/filesystems/default.nix index bd59eb6e..96197c20 100644 --- a/hosts/midas/filesystems/default.nix +++ b/hosts/midas/filesystems/default.nix @@ -11,8 +11,6 @@ ]; }; - # Network mounts - "kitty".enable = true; - "prophet".enable = true; + "midas".enable = false; }; } diff --git a/hosts/midas/id_ed25519.pub b/hosts/midas/id_ed25519.pub deleted file mode 100644 index 082fe2e0..00000000 --- a/hosts/midas/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k diff --git a/hosts/prophet/filesystems/default.nix b/hosts/prophet/filesystems/default.nix index 57be3eb0..c6d09166 100644 --- a/hosts/prophet/filesystems/default.nix +++ b/hosts/prophet/filesystems/default.nix @@ -10,8 +10,6 @@ ]; }; - # Network mounts - "kitty".enable = true; - "midas".enable = true; + "prophet".enable = false; }; } diff --git a/hosts/prophet/id_ed25519.pub b/hosts/prophet/id_ed25519.pub deleted file mode 100644 index 0d58d2b8..00000000 --- a/hosts/prophet/id_ed25519.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU+mo+lkFaGBV7wuzrGnlII15YS3/MkkG3KmGJRT0j diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix index ad9f218f..37db4d04 100644 --- a/hosts/tower/filesystems/default.nix +++ b/hosts/tower/filesystems/default.nix @@ -37,10 +37,5 @@ "subvol=libvirt" ]; }; - - # Network mounts - "kitty".enable = true; - "midas".enable = true; - "prophet".enable = true; }; } diff --git a/modules/home/programs/terminal/ssh/default.nix b/modules/home/programs/terminal/ssh/default.nix index 269710b1..8bb73968 100644 --- a/modules/home/programs/terminal/ssh/default.nix +++ b/modules/home/programs/terminal/ssh/default.nix @@ -5,12 +5,16 @@ addKeysToAgent = "yes"; compression = true; matchBlocks = { - # Personal servers + # Personal devices tower.hostname = "4e4:535:9d47:f367:becd:6557:458d:5b1b"; intuos.hostname = "40e:404:a427:da33:163e:97b3:a2a3:9ed4"; jupiter.hostname = "5ce:969c:40d1:9575:f5e:591d:c377:a20b"; + + # Personal servers midas.hostname = "538:e163:87ba:f847:3646:18b6:6b01:d8f8"; kitty.hostname = "53f:dc2d:80c9:3ca2:4b15:ef4d:38a0:c868"; + detritus.hostname = "5dd:9cd7:f286:e2c7:4c3b:c2e1:7832:97a3"; + elder.hostname = "570:3651:7f2:c26b:bccd:725b:be00:8a18"; prophet.hostname = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b"; # Other servers diff --git a/modules/system/devices/networking/mounts/default.nix b/modules/system/devices/networking/mounts/default.nix index 3bb69619..b1354e42 100644 --- a/modules/system/devices/networking/mounts/default.nix +++ b/modules/system/devices/networking/mounts/default.nix 
@@ -8,21 +8,30 @@ ]; in with nodes; { "midas" = { - enable = lib.mkDefault false; device = "[${midas.config.deployment.targetHost}]:/storage"; mountPoint = "/network/Midas"; fsType = "nfs4"; options = netOpts; }; "kitty" = { - enable = lib.mkDefault false; device = "[${kitty.config.deployment.targetHost}]:/storage"; mountPoint = "/network/Kitty"; fsType = "nfs4"; options = netOpts; }; + "detritus" = { + device = "[${detritus.config.deployment.targetHost}]:/storage"; + mountPoint = "/network/Detritus"; + fsType = "nfs4"; + options = netOpts; + }; + "elder" = { + device = "[${elder.config.deployment.targetHost}]:/storage"; + mountPoint = "/network/Elder"; + fsType = "nfs4"; + options = netOpts; + }; "prophet" = { - enable = lib.mkDefault false; device = "[${prophet.config.deployment.targetHost}]:/storage"; mountPoint = "/network/Prophet"; fsType = "nfs4"; diff --git a/modules/system/users/main/default.nix b/modules/system/users/main/default.nix index f0dcf478..9ae2a7b7 100644 --- a/modules/system/users/main/default.nix +++ b/modules/system/users/main/default.nix @@ -7,14 +7,8 @@ hashedPassword = config.secrets.accPass.main; openssh.authorizedKeys.keyFiles = [ ../../../../hosts/tower/id_ed25519.pub - ../../../../hosts/detritus/id_ed25519.pub - ../../../../hosts/intuos/id_ed25519.pub ../../../../hosts/jupiter/id_ed25519.pub - - ../../../../hosts/midas/id_ed25519.pub - ../../../../hosts/kitty/id_ed25519.pub - ../../../../hosts/prophet/id_ed25519.pub ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
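Review bot: Removing `enable = lib.mkDefault false;` from the entries in modules/system/devices/networking/mounts/default.nix turns all five NFS mounts on for any host that imports this module, not only the ones that used to opt in. hosts/jupiter/filesystems/default.nix previously tied them to `!config.system.steamdeck.enable`, and this commit deletes that condition, so jupiter will now mount them in Steam Deck mode too unless another module disables them. `netOpts` is defined above the hunk, so whether it carries `nofail` or an automount option cannot be seen here; without one, an unreachable server could delay boot on every client. Consider keeping `enable = lib.mkDefault false;` in the module and enabling the mounts per host class, or document the new default in a comment at the top of the set.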