feat: init srv0-dmz0

nix/os/devices/srv0-dmz0/configuration.nix

@@ -0,0 +1,133 @@
+{
+  modulesPath,
+  repoFlake,
+  pkgs,
+  config,
+  ...
+}: let
+  disk = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002051";
+in {
+  disabledModules = [];
+  imports = [
+    repoFlake.inputs.disko.nixosModules.disko
+    repoFlake.inputs.srvos.nixosModules.server
+    (modulesPath + "/profiles/all-hardware.nix")
+
+    repoFlake.inputs.srvos.nixosModules.mixins-terminfo
+    repoFlake.inputs.srvos.nixosModules.mixins-systemd-boot
+
+    repoFlake.inputs.sops-nix.nixosModules.sops
+
+    ../../profiles/common/user.nix
+  ];
+
+  ## bare-metal machines
+  srvos.boot.consoles = ["tty0"];
+  boot.loader.grub.enable = false;
+  boot.loader.efi.canTouchEfiVariables = false;
+
+  disko.devices.disk.main = {
+    device = disk;
+    type = "disk";
+    content = {
+      type = "table";
+      format = "gpt";
+      partitions = [
+        {
+          name = "boot";
+          start = "0";
+          end = "1M";
+          part-type = "primary";
+          flags = ["bios_grub"];
+        }
+        {
+          name = "ESP";
+          start = "1M";
+          end = "512M";
+          bootable = true;
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        }
+        {
+          name = "root";
+          start = "512M";
+          end = "100%";
+          part-type = "primary";
+          bootable = true;
+          content = {
+            type = "btrfs";
+            extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              # Subvolume name is different from mountpoint
+              "/rootfs" = {
+                mountpoint = "/";
+              };
+              "/nix" = {
+                mountOptions = ["noatime"];
+              };
+            };
+          };
+        }
+      ];
+    };
+  };
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+
+  services.openssh.enable = true;
+
+  systemd.network.enable = true;
+  systemd.network.networks."10-lan" = {
+    matchConfig.Name = "eth*";
+    networkConfig = {
+      # enable DHCP for IPv4 *and* IPv6
+      DHCP = "yes";
+
+      # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC)
+      IPv6AcceptRA = true;
+    };
+  };
+  networking.dhcpcd.enable = false;
+
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [
+    22
+
+    # iperf3
+    5201
+  ];
+  networking.firewall.logRefusedConnections = false;
+  networking.usePredictableInterfaceNames = false;
+
+  networking.nat = {
+    enable = true;
+    internalInterfaces = ["ve-+"];
+    externalInterface = "eth0";
+  };
+
+  # Kubernetes
+  # services.kubernetes.roles = ["master" "node"];
+
+  # virtualization
+  # virtualisation = {docker.enable = true;};
+
+  nix.gc = {automatic = true;};
+
+  containers = {
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}