Add two new servers

flake.nix

@@ -72,7 +72,7 @@
 
       # Desktops
       tower.imports = [ ./hosts/tower ];
-      #detritus.imports = [ ./hosts/detritus ];
+      hidden.imports = [ ./hosts/hidden ];
 
       # Laptops
       intuos.imports = [ ./hosts/intuos ];
@@ -81,10 +81,9 @@
       # Servers
       midas.imports = [ ./hosts/midas ];
       kitty.imports = [ ./hosts/kitty ];
+      elder.imports = [ ./hosts/elder ];
+      detritus.imports = [ ./hosts/detritus ];
       prophet.imports = [ ./hosts/prophet ];
-
-      # Misc
-      hidden.imports = [ ./hosts/hidden ];
     };
   }
 

hosts/detritus/boot/default.nix

@@ -1,10 +1,11 @@
-{ ... }:
+{ pkgs, ... }:
 {
   boot = {
+    kernelPackages = pkgs.linuxPackages_hardened;
     kernelParams = [
       "amdgpu.si_support=1"
       "radeon.si_support=0"
     ];
-    lanzaboote.enable = true;
+    loader.systemd-boot.enable = true;
   };
 }

hosts/detritus/default.nix

@@ -5,13 +5,16 @@
     ./disko
     ./filesystems
     ./hardware
-    ./user
   ];
 
   system = {
-    nixos.tags = [ "pc" ];
+    nixos.tags = [ "server" ];
     stateVersion = "25.05";
   };
 
-  deployment.targetHost = "";
+  deployment.targetHost = "5dd:9cd7:f286:e2c7:4c3b:c2e1:7832:97a3";
+
+  networking.hostId = "0917a5c1";
+
+  services.nfs.server.enable = true;
 }

hosts/detritus/disko/default.nix

@@ -24,17 +24,11 @@
                 mountOptions = [ "umask=0077" ];
               };
             };
-            luks = {
+            main = {
               size = "100%";
               content = {
-                type = "luks";
+                type = "lvm_pv";
-                name = "${config.networking.hostName}-disk";
+                vg = "${config.networking.hostName}";
-                settings.allowDiscards = true;
-                passwordFile = "/tmp/secret.key";
-                content = {
-                  type = "lvm_pv";
-                  vg = "${config.networking.hostName}";
-                };
               };
             };
           };
@@ -78,7 +72,7 @@
                 # Impermanence
                 "/persist" = {
                   mountpoint = "/persist";
-                  mountOptions = [
+                  mountOptions = [ 
                     "compress=zstd"
                     "ssd"
                   ];
@@ -90,7 +84,7 @@
             };
           };
           swap = {
-            size = "8G";
+            size = "2G";
             content = {
               type = "swap";
               discardPolicy = "both";

hosts/detritus/filesystems/default.nix

@@ -11,9 +11,6 @@
       ];
     };
 
-    # Network mounts
+    "detritus".enable = false;
-    "kitty".enable = true;
-    "midas".enable = true;
-    "prophet".enable = true;
   };
 }

hosts/detritus/id_ed25519.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBQE+a1E88+ELJ5cDOMPlc9lnV1ysVndchgJ4MxCjeWd

hosts/detritus/user/default.nix

@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-{
-  home-manager.users."${config.vars.mainUser}" = {
-    home = {
-      desktop.enable = true;
-      gaming.enable = true;
-    };
-
-    wayland.windowManager.sway.package = pkgs.swayfx;
-  };
-}

hosts/elder/boot/default.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  boot = {
+    kernelPackages = pkgs.linuxPackages_hardened;
+    kernelParams = [
+      "amdgpu.si_support=1"
+      "radeon.si_support=0"
+    ];
+    loader.grub.enable = true;
+  };
+}

hosts/elder/default.nix

@@ -0,0 +1,20 @@
+{ ... }:
+{
+  imports = [
+    ./boot
+    ./disko
+    ./filesystems
+    ./hardware
+  ];
+
+  system = {
+    nixos.tags = [ "server" ];
+    stateVersion = "25.05";
+  };
+
+  deployment.targetHost = "570:3651:7f2:c26b:bccd:725b:be00:8a18";
+
+  networking.hostId = "447645a9";
+
+  services.nfs.server.enable = true;
+}

hosts/elder/disko/default.nix

@@ -0,0 +1,100 @@
+{ config, disko, ... }:
+{
+  imports = [ disko.nixosModules.disko ];
+
+  disko.devices = {
+    disk = {
+      "${config.networking.hostName}" = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02";
+            };
+            ESP = {
+              size = "2G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            main = {
+              size = "100%";
+              content = {
+                type = "lvm_pv";
+                vg = "${config.networking.hostName}";
+              };
+            };
+          };
+        };
+      };
+    };
+
+    lvm_vg = {
+      "${config.networking.hostName}" = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ];
+              subvolumes = {
+                "/root" = {
+                  mountpoint = "/";
+                  mountOptions = [
+                    "compress=zstd"
+                    "ssd"
+                  ];
+                };
+                "/prev" = {
+                  mountpoint = "/prev";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noexec"
+                    "ssd"
+                  ];
+                };
+                "/nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [
+                    "compress=zstd"
+                    "ssd"
+                  ];
+                };
+
+                # Impermanence
+                "/persist" = {
+                  mountpoint = "/persist";
+                  mountOptions = [ 
+                    "compress=zstd"
+                    "ssd"
+                  ];
+                };
+                "/persist/.snapshots" = { };
+                "/persist/home" = { };
+                "/persist/home/.snapshots" = { };
+              };
+            };
+          };
+          swap = {
+            size = "8G";
+            content = {
+              type = "swap";
+              discardPolicy = "both";
+            };
+          };
+        };
+      };
+    };
+  };
+
+  # Needed for impermanence
+  fileSystems."/persist".neededForBoot = true;
+}

hosts/elder/filesystems/default.nix

@@ -0,0 +1,16 @@
+{ ... }:
+{
+  fileSystems = {
+    "/persist/storage" = {
+      device = "/dev/disk/by-uuid/5c3c533b-1c70-4411-854a-37fa794fc17c";
+      fsType = "btrfs";
+      options = [
+        "nofail"
+        "nosuid"
+        "subvol=storage"
+      ];
+    };
+
+    "elder".enable = false;
+  };
+}

hosts/elder/hardware/default.nix

@@ -0,0 +1,23 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ahci"
+        "ehci_pci"
+        "sd_mod"
+        "sr_mod"
+        "uhci_hcd"
+        "usbhid"
+      ];
+      kernelModules = [ "dm-snapshot" ];
+    };
+    kernelModules = [ "kvm-intel" ];
+  };
+
+  hardware.cpu.intel.updateMicrocode = true;
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+}

hosts/intuos/default.nix

@@ -3,7 +3,6 @@
   imports = [
     ./boot
     ./disko
-    ./filesystems
     ./hardware
     ./user
   ];

hosts/intuos/filesystems/default.nix

@@ -1,9 +0,0 @@
-{ ... }:
-{
-  fileSystems = {
-    # Network mounts
-    "kitty".enable = true;
-    "midas".enable = true;
-    "prophet".enable = true;
-  };
-}

hosts/jupiter/filesystems/default.nix

@@ -9,10 +9,5 @@
         "nosuid"
       ];
     };
-
-    # Network mounts
-    "kitty".enable = !config.system.steamdeck.enable;
-    "midas".enable = !config.system.steamdeck.enable;
-    "prophet".enable = !config.system.steamdeck.enable;
   };
 }

hosts/kitty/filesystems/default.nix

@@ -10,8 +10,6 @@
       ];
     };
 
-    # Network mounts
+    "kitty".enable = false;
-    "midas".enable = true;
-    "prophet".enable = true;
   };
 }

hosts/kitty/id_ed25519.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOBa+Wz1FqFEnMeXflP0CPt2wnN819T+FdSCIwFLJjN

hosts/midas/filesystems/default.nix

@@ -11,8 +11,6 @@
       ];
     };
 
-    # Network mounts
+    "midas".enable = false;
-    "kitty".enable = true;
-    "prophet".enable = true;
   };
 }

hosts/midas/id_ed25519.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k

hosts/prophet/filesystems/default.nix

@@ -10,8 +10,6 @@
       ];
     };
 
-    # Network mounts
+    "prophet".enable = false;
-    "kitty".enable = true;
-    "midas".enable = true;
   };
 }

hosts/prophet/id_ed25519.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU+mo+lkFaGBV7wuzrGnlII15YS3/MkkG3KmGJRT0j

hosts/tower/filesystems/default.nix

@@ -37,10 +37,5 @@
         "subvol=libvirt"
       ];
     };
-
-    # Network mounts
-    "kitty".enable = true;
-    "midas".enable = true;
-    "prophet".enable = true;
   };
 }

modules/home/programs/terminal/ssh/default.nix

@@ -5,12 +5,16 @@
     addKeysToAgent = "yes";
     compression = true;
     matchBlocks = {
-      # Personal servers
+      # Personal devices
       tower.hostname = "4e4:535:9d47:f367:becd:6557:458d:5b1b";
       intuos.hostname = "40e:404:a427:da33:163e:97b3:a2a3:9ed4";
       jupiter.hostname = "5ce:969c:40d1:9575:f5e:591d:c377:a20b";
+
+      # Personal servers
       midas.hostname = "538:e163:87ba:f847:3646:18b6:6b01:d8f8";
       kitty.hostname = "53f:dc2d:80c9:3ca2:4b15:ef4d:38a0:c868";
+      detritus.hostname = "5dd:9cd7:f286:e2c7:4c3b:c2e1:7832:97a3";
+      elder.hostname = "570:3651:7f2:c26b:bccd:725b:be00:8a18";
       prophet.hostname = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b";
 
       # Other servers

modules/system/devices/networking/mounts/default.nix

@@ -8,21 +8,30 @@
     ];
   in with nodes; {
     "midas" = {
-      enable = lib.mkDefault false;
       device = "[${midas.config.deployment.targetHost}]:/storage";
       mountPoint = "/network/Midas";
       fsType = "nfs4";
       options = netOpts;
     };
     "kitty" = {
-      enable = lib.mkDefault false;
       device = "[${kitty.config.deployment.targetHost}]:/storage";
       mountPoint = "/network/Kitty";
       fsType = "nfs4";
       options = netOpts;
     };
+    "detritus" = {
+      device = "[${detritus.config.deployment.targetHost}]:/storage";
+      mountPoint = "/network/Detritus";
+      fsType = "nfs4";
+      options = netOpts;
+    };
+    "elder" = {
+      device = "[${elder.config.deployment.targetHost}]:/storage";
+      mountPoint = "/network/Elder";
+      fsType = "nfs4";
+      options = netOpts;
+    };
     "prophet" = {
-      enable = lib.mkDefault false;
       device = "[${prophet.config.deployment.targetHost}]:/storage";
       mountPoint = "/network/Prophet";
       fsType = "nfs4";

modules/system/users/main/default.nix

@@ -7,14 +7,8 @@
     hashedPassword = config.secrets.accPass.main;
     openssh.authorizedKeys.keyFiles = [
       ../../../../hosts/tower/id_ed25519.pub
-      ../../../../hosts/detritus/id_ed25519.pub
-
       ../../../../hosts/intuos/id_ed25519.pub
       ../../../../hosts/jupiter/id_ed25519.pub
-
-      ../../../../hosts/midas/id_ed25519.pub
-      ../../../../hosts/kitty/id_ed25519.pub
-      ../../../../hosts/prophet/id_ed25519.pub
     ];
     openssh.authorizedKeys.keys = [ 
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"