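{
  modulesPath,
  lib,
  pkgs,
  ...
}:
let
  # The single disk this VM boots from. The GPT fix-up unit and
  # systemd-repart must operate on the same device; previously the unit ran
  # sgdisk against the placeholder "/dev/sdX" while repart grew "/dev/sda".
  rootDevice = "/dev/sda";
in
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./fs.nix
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";

    # Provide a default hostname; a host-specific module overrides it with a
    # plain assignment.
    networking.hostName = lib.mkDefault "base";

    # Enable QEMU Guest for Proxmox
    services.qemuGuest.enable = lib.mkDefault true;

    boot.loader.systemd-boot.enable = true;

    # Allow remote updates with flakes and non-root users.
    # Nix trusted users are effectively root on this machine (they can
    # import unsigned store paths), so keep wheel membership small.
    nix.settings.trusted-users = [
      "root"
      "@wheel"
    ];
    nix.settings.experimental-features = [
      "nix-command"
      "flakes"
    ];

    # Set up user for remote admin. Login is key-only (see services.openssh
    # below), so ../../authorized_keys is the whole authentication boundary
    # for an account that has passwordless sudo and is nix-trusted.
    users.users."maintenance" = {
      isNormalUser = true;
      group = "maintenance";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
    };
    users.groups."maintenance" = {};

    # Enable mDNS for `hostname.local` addresses. This also announces the
    # host name and its addresses to the local link.
    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;
    services.avahi.publish = {
      enable = true;
      addresses = true;
    };

    # Some sane packages we need on every system
    environment.systemPackages = with pkgs; [
      vim
      git
      ceph-client
    ];

    # Don't ask for passwords. Together with trusted-users above, wheel
    # membership equals root; the SSH key is the only credential involved.
    security.sudo.wheelNeedsPassword = false;

    # Enable ssh. Password and keyboard-interactive auth are disabled, so
    # only public keys are accepted.
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };
    programs.ssh.startAgent = true;

    # Paths preserved under /persistent across reboots.
    environment.persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/etc/nixos"
      ];
      files = [
        "/etc/machine-id"
        # SSH Server host keys: keeping them stable means clients do not see
        # a changed host identity after every reboot.
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        # Ceph Client keyring. This is a credential stored in plaintext, so
        # access to the /persistent volume is access to the cluster.
        "/etc/ceph/ceph.client.vm.keyring"
      ];
    };

    services.ceph = {
      enable = true;
      global = {
        fsid = "b9b22d11-3492-49a6-92b7-b36cdf0161fe";
        # msgr2 (v2, port 3300) listed first; the legacy v1 endpoint on 6789
        # stays as a fallback.
        monHost = "v2:192.168.1.239:3300/0,v1:192.168.1.239:6789/0";
      };
    };

    # Resize partition on boot
    systemd.repart.partitions = {
      "00-esp" = {
        Type = "esp";
        SizeMinBytes = "550M";
        SizeMaxBytes = "550M";
        Format = "vfat";
      };
      "10-root" = {
        Type = "linux-generic";
        Format = "btrfs";
      };
    };

    boot.initrd = {
      # Custom systemd units in the initrd (systemd stage 1)
      systemd = {
        enable = true;

        # Ensure `sgdisk` is included in the initrd closure. The unit below
        # refers to it by store path: /run/current-system/sw/bin does not
        # exist inside the initrd, so the previous absolute path could not
        # resolve there.
        # NOTE(review): this replaces the earlier `packages = [ pkgs.gdisk ];`
        # directly under boot.initrd, which did not look like a stage-1
        # option; restore it if it was intentional.
        storePaths = [ pkgs.gdisk ];

        # Declared under `services` rather than raw `units` so that
        # description/wants/before/serviceConfig are rendered into the unit.
        services."resize-gpt" = {
          description = "Resize GPT to use full disk size";
          wants = [ "systemd-repart.service" ];
          before = [ "systemd-repart.service" ];
          # NOTE(review): systemd-repart.service runs early with
          # DefaultDependencies=no; this unit may need the same in unitConfig
          # to avoid an ordering cycle — confirm on a test boot.
          serviceConfig = {
            Type = "oneshot";
            # Move the backup GPT header to the end of the (grown) disk so
            # repart sees the full device size.
            ExecStart = "${pkgs.gdisk}/bin/sgdisk --move-second-header ${rootDevice}";
          };
        };
        # Let repart itself pull the GPT fix-up in.
        services."systemd-repart".wants = [ "resize-gpt.service" ];

        repart = {
          enable = true;
          device = rootDevice;
        };
      };
    };

    system.stateVersion = lib.mkDefault "24.05";
  };
}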