infra/nix/os/devices/hstk0/configuration.nix

{
  repoFlake,
  pkgs,
  lib,
  nodeFlake,
  nodeName,
  system,
  ...
}:
{
  disabledModules = [ ];

  imports = [
    nodeFlake.inputs.disko.nixosModules.disko
    repoFlake.inputs.sops-nix.nixosModules.sops

    nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
    {
      roles.nix-remote-builder.schedulerPublicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s"

        # TODO: make this a reference to the private key's secret
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
      ];
    }

    ../../snippets/nix-settings.nix
    { nix.settings.sandbox = lib.mkForce "relaxed"; }

    ../../snippets/mycelium.nix

    # user config
    ../../profiles/common/user.nix
    {
      users.commonUsers = {
        enable = true;
        enableNonRoot = true;
      };
    }

    ../../snippets/home-manager-with-zsh.nix
    # {
    #   home-manager.users.steveej = {pkgs, ...}: {
    #     imports = [
    #       ../../../home-manager/programs/pass.nix
    #       ../../../home-manager/programs/openvscode-server.nix
    #     ];
    #   };
    # }
  ];

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings.PermitRootLogin = "yes";
    extraConfig = ''
      StreamLocalBindUnlink yes
    '';
  };

  boot = {
    kernel = {
      sysctl = {
        "net.ipv4.conf.all.forwarding" = true;
        "net.ipv6.conf.all.forwarding" = true;
      };
    };
  };

  networking = {
    hostName = nodeName;
    useNetworkd = true;
    useDHCP = true;

    nat.enable = true;
    firewall.enable = true;

    firewall.allowedTCPPorts = [ 5201 ];
    firewall.allowedUDPPorts = [ 5201 ];
  };

  disko.devices =
    let
      disk = id: {
        type = "disk";
        device = "/dev/${id}";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              size = "1M";
              type = "EF02"; # for grub MBR
            };
            mdadm = {
              size = "100%";
              content = {
                type = "mdraid";
                name = "raid0";
              };
            };
          };
        };
      };
    in
    {
      disk = {
        sda = disk "sda";
        sdb = disk "sdb";
      };
      mdadm = {
        raid0 = {
          type = "mdadm";
          level = 0;
          content = {
            type = "gpt";
            partitions = {
              primary = {
                size = "100%";
                content = {
                  type = "filesystem";
                  format = "btrfs";
                  mountpoint = "/";
                };
              };
            };
          };
        };
      };
    };

  system.stateVersion = "24.05";

  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.initrd.includeDefaultModules = true;
  boot.initrd.kernelModules = [
    "dm-raid"
    "dm-integrity"
    "xhci_pci_renesas"
  ];

  hardware.enableRedistributableFirmware = true;

  virtualisation.libvirtd.enable = true;

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00			`{`
			`repoFlake,`
			`pkgs,`
			`lib,`
			`nodeFlake,`
			`nodeName,`
			`system,`
			`...`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`}:`
			`{`
			`disabledModules = [ ];`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00
			`imports = [`
			`nodeFlake.inputs.disko.nixosModules.disko`
			`repoFlake.inputs.sops-nix.nixosModules.sops`

			`nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder`
			`{`
			`roles.nix-remote-builder.schedulerPublicKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s"`

			`# TODO: make this a reference to the private key's secret`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"`
			`];`
			`}`

			`../../snippets/nix-settings.nix`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`{ nix.settings.sandbox = lib.mkForce "relaxed"; }`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00
			`../../snippets/mycelium.nix`

			`# user config`
			`../../profiles/common/user.nix`
			`{`
			`users.commonUsers = {`
			`enable = true;`
			`enableNonRoot = true;`
			`};`
			`}`

			`../../snippets/home-manager-with-zsh.nix`
			`# {`
			`# home-manager.users.steveej = {pkgs, ...}: {`
			`# imports = [`
			`# ../../../home-manager/programs/pass.nix`
			`# ../../../home-manager/programs/openvscode-server.nix`
			`# ];`
			`# };`
			`# }`
			`];`

			`services.openssh = {`
			`enable = true;`
			`openFirewall = true;`
			`settings.PermitRootLogin = "yes";`
			`extraConfig = ''`
			`StreamLocalBindUnlink yes`
			`'';`
			`};`

			`boot = {`
			`kernel = {`
			`sysctl = {`
			`"net.ipv4.conf.all.forwarding" = true;`
			`"net.ipv6.conf.all.forwarding" = true;`
			`};`
			`};`
			`};`

			`networking = {`
			`hostName = nodeName;`
			`useNetworkd = true;`
			`useDHCP = true;`

			`nat.enable = true;`
			`firewall.enable = true;`

feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`firewall.allowedTCPPorts = [ 5201 ];`
			`firewall.allowedUDPPorts = [ 5201 ];`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00			`};`

feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`disko.devices =`
			`let`
			`disk = id: {`
			`type = "disk";`
			`device = "/dev/${id}";`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00			`content = {`
			`type = "gpt";`
			`partitions = {`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`boot = {`
			`size = "1M";`
			`type = "EF02"; # for grub MBR`
			`};`
			`mdadm = {`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00			`size = "100%";`
			`content = {`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`type = "mdraid";`
			`name = "raid0";`
			`};`
			`};`
			`};`
			`};`
			`};`
			`in`
			`{`
			`disk = {`
			`sda = disk "sda";`
			`sdb = disk "sdb";`
			`};`
			`mdadm = {`
			`raid0 = {`
			`type = "mdadm";`
			`level = 0;`
			`content = {`
			`type = "gpt";`
			`partitions = {`
			`primary = {`
			`size = "100%";`
			`content = {`
			`type = "filesystem";`
			`format = "btrfs";`
			`mountpoint = "/";`
			`};`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00			`};`
			`};`
			`};`
			`};`
			`};`
			`};`

			`system.stateVersion = "24.05";`

			`boot.kernelPackages = pkgs.linuxPackages_latest;`
			`boot.initrd.includeDefaultModules = true;`
			`boot.initrd.kernelModules = [`
			`"dm-raid"`
			`"dm-integrity"`
			`"xhci_pci_renesas"`
			`];`

			`hardware.enableRedistributableFirmware = true;`

			`virtualisation.libvirtd.enable = true;`

feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`
rename sj-bm-hostkey0 -> hstk0 2024-07-26 13:47:57 +02:00			`}`