From 7bdf539d5a413eb3b58d3746775690cf8763fd1f Mon Sep 17 00:00:00 2001
From: foxora
Date: Thu, 21 May 2026 00:38:01 +0100
Subject: [PATCH] added more servers waow :3
---
 groups/servers/default.nix | 5 +-
 hosts/arcturus/default.nix | 10 +-
 .../{configuration.nix => default.nix} | 83 +++++++----
 hosts/delphinus/hardware-configuration.nix | 37 ++---
 hosts/lunata/default.nix | 106 ++++++++++++++
 hosts/lunata/hardware-configuration.nix | 31 ++++
 hosts/lyra/default.nix | 4 +-
 snow.nix | 134 +++++++++++++++---
 vms/equinox/default.nix | 73 ++++++++++
 9 files changed, 408 insertions(+), 75 deletions(-)
 rename hosts/delphinus/{configuration.nix => default.nix} (59%)
 create mode 100644 hosts/lunata/default.nix
 create mode 100644 hosts/lunata/hardware-configuration.nix
 create mode 100644 vms/equinox/default.nix
diff --git a/groups/servers/default.nix b/groups/servers/default.nix
index aea0e86..5b7453b 100644
--- a/groups/servers/default.nix
+++ b/groups/servers/default.nix
@@ -1,8 +1,11 @@
-{...}: {
+{pkgs, ...}: {
 nix.settings = {
 trusted-users = ["root" "@wheel"];
 };
 
+ # default kernel to use
+ boot.kernelPackages = pkgs.linuxPackages_6_12;
+
 security = {
 sudo = {
 enable = true;
diff --git a/hosts/arcturus/default.nix b/hosts/arcturus/default.nix
index 0f2ab89..78be192 100644
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@@ -13,7 +13,7 @@
 };
 
 boot = {
- kernelPackages = pkgs.linuxPackages_6_12;
+ # kernel is defined in `groups/servers/default.nix`
 loader = {
 systemd-boot.enable = true;
 efi.canTouchEfiVariables = true;
@@ -123,6 +123,14 @@
 ];
 };
 
+ programs = {
+ nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 14d --keep 8";
+ };
+ };
+
 environment = {
 systemPackages = with pkgs; [
 neovim
diff --git a/hosts/delphinus/configuration.nix b/hosts/delphinus/default.nix
similarity index 59%
rename from hosts/delphinus/configuration.nix
rename to hosts/delphinus/default.nix
index 10d1bdb..82296aa 100644
--- a/hosts/delphinus/configuration.nix
+++ b/hosts/delphinus/default.nix
@@ -1,17 +1,12 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
+{pkgs, ...}: {
 imports = [
 ./hardware-configuration.nix
 ];
 
- networking.hostName = "delphinus";
-
 boot = {
- kernelPackages = pkgs.linuxPackages_latest;
+ # kernel is defined in `groups/servers/default.nix`
+ kernelParams = ["console=ttyS0,19200n8"];
+
 loader = {
 timeout = 10;
 grub = {
@@ -27,15 +22,28 @@
 };
 };
 
+ networking.hostName = "delphinus";
+
 networking = {
 networkmanager.enable = true;
- useDHCP = false;
 usePredictableInterfaceNames = false;
+ useDHCP = false;
+
+ interfaces.eth0 = {
+ useDHCP = true;
+
+ # linode expects ipv6 privacy extensions to be disabled:
+ # https://www.linode.com/docs/guides/manual-network-configuration/#static-vs-dynamic-addressing
+ tempAddress = "disabled";
+ };
+
 nftables.enable = true;
 
 firewall = {
 enable = true;
- allowedTCPPorts = [6767];
+ allowedTCPPorts = [
+ 4070
+ ];
 allowedUDPPorts = [];
 };
 };
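Review bot: In the `networking` block of hosts/delphinus/default.nix (second hunk), `networkmanager.enable = true` stays on while `interfaces.eth0.useDHCP = true` and `tempAddress = "disabled"` are added, and those two are scripted-networking options. If NetworkManager ends up owning eth0, the IPv6 privacy setting the Linode comment asks for may not be the one in effect, so it is worth confirming on the host which service actually configures the interface. If NetworkManager is not needed on this server, `networkmanager.enable = false;` would leave eth0 with a single owner. The same block is repeated in hosts/lunata/default.nix.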
@@ -48,38 +56,51 @@
 keyMap = "us";
 };
 
- users.users.fox = {
- isNormalUser = true;
- extraGroups = ["wheel"];
- packages = with pkgs; [
- tree
- ];
-
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPGwai/gXJOJZQujpk0BSwdjSe2as3pT567bYhzjaQ4M aurora@nixarawrui"
- ];
- };
-
 services = {
 openssh = {
 enable = true;
 
- ports = [6767];
+ ports = [4070];
 settings = {
 PasswordAuthentication = false;
 PermitRootLogin = "no";
- AllowUsers = ["fox"];
- UseDns = false; # disable rDNS lookup
+ AllowUsers = ["foxora"];
+ UseDns = false; # enables rDNS lookup
 X11Forwarding = false;
 };
 };
 };
 
- environment.systemPackages = with pkgs; [
- neovim
- git
- wget
- ];
+ users.users.foxora = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPGwai/gXJOJZQujpk0BSwdjSe2as3pT567bYhzjaQ4M aurora@nixarawrui"
+ ];
+
+ packages = with pkgs; [];
+ };
+
+ programs = {
+ nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 7d --keep 3";
+ };
+ };
+
+ environment = {
+ systemPackages = with pkgs; [
+ neovim
+ git
+ wget
+ ];
+
+ variables = {
+ EDITOR = "nvim";
+ };
+ };
 
 system.stateVersion = "25.11";
 }
diff --git a/hosts/delphinus/hardware-configuration.nix b/hosts/delphinus/hardware-configuration.nix
index b5f284f..39b9f6b 100644
--- a/hosts/delphinus/hardware-configuration.nix
+++ b/hosts/delphinus/hardware-configuration.nix
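Review bot: The comment on `UseDns = false; # enables rDNS lookup` in the `services.openssh.settings` block of hosts/delphinus/default.nix says the opposite of what the value does; the line it replaces read `# disable rDNS lookup`, which matched. With `UseDns` off sshd does not resolve the client address, so the line should read `UseDns = false; # disables rDNS lookup`. The same inverted comment is copied into hosts/lunata/default.nix and vms/equinox/default.nix.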
@@ -1,26 +1,31 @@
 # Do not modify this file! It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations. Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
 
- boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
+ boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["virtio_net"];
+ boot.extraModulePackages = [];
 
- fileSystems."/" =
- { device = "/dev/sda";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/sda";
+ fsType = "ext4";
+ autoResize = true;
+ };
 
- swapDevices =
- [ { device = "/dev/sdb"; }
- ];
+ swapDevices = [
+ {device = "/dev/sdb";}
+ ];
 
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
diff --git a/hosts/lunata/default.nix b/hosts/lunata/default.nix
new file mode 100644
index 0000000..93a5a9b
--- /dev/null
+++ b/hosts/lunata/default.nix
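Review bot: hosts/delphinus/hardware-configuration.nix still opens with "Do not modify this file! It was generated by ‘nixos-generate-config’", yet this hunk hand-edits it: `boot.kernelModules = ["virtio_net"];` and `autoResize = true;` are new settings mixed in with a reformat. A later regeneration of the file would drop both without any warning. Moving the two settings into hosts/delphinus/default.nix keeps the generated file reproducible; the same applies to hosts/lunata/hardware-configuration.nix, which is added with the same blob id.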
@@ -0,0 +1,106 @@
+{pkgs, ...}: {
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ boot = {
+ # kernel is defined in `groups/servers/default.nix`
+ kernelParams = ["console=ttyS0,19200n8"];
+
+ loader = {
+ timeout = 10;
+ grub = {
+ enable = true;
+ forceInstall = true;
+ device = "nodev";
+ extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+ };
+ };
+ };
+
+ networking.hostName = "lunata";
+
+ networking = {
+ networkmanager.enable = true;
+ usePredictableInterfaceNames = false;
+ useDHCP = false;
+
+ interfaces.eth0 = {
+ useDHCP = true;
+
+ # linode expects ipv6 privacy extensions to be disabled:
+ # https://www.linode.com/docs/guides/manual-network-configuration/#static-vs-dynamic-addressing
+ tempAddress = "disabled";
+ };
+
+ nftables.enable = true;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 4070
+ ];
+ allowedUDPPorts = [];
+ };
+ };
+
+ time.timeZone = "Europe/London";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+
+ ports = [4070];
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ AllowUsers = ["foxora"];
+ UseDns = false; # enables rDNS lookup
+ X11Forwarding = false;
+ };
+ };
+ };
+
+ users.users.foxora = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyGwJ782W9Bk9u9kFqY6Ky8KxOvwna32dppOcAgT8n9 aurora@nixarawrui"
+ ];
+
+ packages = with pkgs; [];
+ };
+
+ programs = {
+ nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 7d --keep 3";
+ };
+ };
+
+ environment = {
+ systemPackages = with pkgs; [
+ neovim
+ git
+ wget
+ ];
+
+ variables = {
+ EDITOR = "nvim";
+ };
+ };
+
+ system.stateVersion = "25.11";
+}
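Review bot: hosts/lunata/default.nix repeats hosts/delphinus/default.nix, as far as the hunks show, apart from `networking.hostName` and the authorized key, so the sshd hardening (`PasswordAuthentication = false`, `PermitRootLogin = "no"`, `AllowUsers`), the SSH port and the firewall rule now have to be kept in step by hand. Both hosts already take `groups.servers` in snow.nix, so the shared settings could live in one module under `groups/` and each host file keep only its hostName and key. That way a later tightening of the sshd settings cannot miss one of the internet-facing hosts.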
diff --git a/hosts/lunata/hardware-configuration.nix b/hosts/lunata/hardware-configuration.nix
new file mode 100644
index 0000000..39b9f6b
--- /dev/null
+++ b/hosts/lunata/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["virtio_net"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/sda";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ swapDevices = [
+ {device = "/dev/sdb";}
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/lyra/default.nix b/hosts/lyra/default.nix
index 9a1f982..c552c1b 100644
--- a/hosts/lyra/default.nix
+++ b/hosts/lyra/default.nix
@@ -13,7 +13,7 @@
 };
 
 boot = {
- kernelPackages = pkgs.linuxPackages_6_12;
+ # kernel is defined in `groups/servers/default.nix`
 loader = {
 systemd-boot.enable = true;
 efi.canTouchEfiVariables = true;
@@ -51,7 +51,6 @@
 virtualisation = {
 podman = {
 enable = true;
- dockerCompat = true;
 defaultNetwork.settings.dns_enabled = true;
 };
 };
@@ -74,7 +73,6 @@
 enable = true;
 clean.enable = true;
 clean.extraArgs = "--keep-since 14d --keep 8";
- flake = "/etc/nixos";
 };
 };
 
diff --git a/snow.nix b/snow.nix
index 8a63ff9..2194a5d 100644
--- a/snow.nix
+++ b/snow.nix
@@ -42,6 +42,69 @@ cerulean.mkNexus ./. (self: {
 
 {
 microvm.vms = {
+ equinox = {
+ autostart = true;
+
+ config = {config, ...}: {
+ imports = [./vms/equinox/default.nix];
+
+ networking.hostName = "equinox";
+
+ microvm = {
+ hypervisor = "qemu";
+ mem = 48 * 1024; # 48GB
+ vcpu = 16;
+
+ interfaces = [
+ {
+ type = "tap";
+ id = "vm-equinox";
+ mac = "0a:00:a0:70:01:02";
+ }
+ ];
+
+ writableStoreOverlay = "/nix/.rw-store";
+
+ volumes = [
+ {
+ image = "data.img";
+ mountPoint = "/home/foxora";
+ autoCreate = true;
+ size = 256 * 1024; # 256GB
+ }
+ {
+ image = "nix-store-overlay.img";
+ mountPoint = config.microvm.writableStoreOverlay;
+ size = 8 * 1024; # 8GB
+ }
+ ];
+
+ shares = [
+ {
+ # shares the host's nix store with the vm
+ # to prevent huge images
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }
+ ];
+ };
+
+ systemd.network.enable = true;
+ systemd.network.networks."20-lan" = {
+ matchConfig.Type = "ether";
+ networkConfig = {
+ Address = ["10.16.1.42/24"];
+ Gateway = "10.16.1.1";
+ DNS = ["10.16.1.1"];
+ IPv6AcceptRA = true;
+ DHCP = "yes";
+ };
+ };
+ };
+ };
+
 home-assistant = {
 autostart = true;
 
@@ -50,30 +113,13 @@ cerulean.mkNexus ./. (self: {
 
 networking.hostName = "home-assistant";
 
- boot.kernelParams = [
- "console=ttyS0"
- "console=ttyS1"
- "8250.nr_uarts=2"
- ];
- systemd.services."serial-getty@ttyS1".enable = true;
-
 microvm = {
 hypervisor = "qemu";
 
- # needed to get interface working
- qemu.extraArgs = [
- "-monitor"
- "unix:/var/lib/microvms/home-assistant/monitor.sock,server,nowait"
- "-chardev"
- "socket,id=serial1,path=/var/lib/microvms/home-assistant/serial.sock,server=on,wait=off"
- "-serial"
- "chardev:serial1"
- ];
-
 # memory cannot be 2GB so i doubled it and used 4GB:
 # https://github.com/microvm-nix/microvm.nix/issues/171
 # TODO: can be fixed by turning off acpi in qemu
- mem = 4096; # 4GB
+ mem = 4 * 1024; # 4GB
 vcpu = 2;
 
 interfaces = [
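Review bot: `matchConfig.Type = "ether";` in the equinox `systemd.network.networks."20-lan"` block (first snow.nix hunk) matches every Ethernet-type link in the guest, not only the tap interface. vms/equinox/default.nix enables podman, and container veth links would likely match as well and be handed `10.16.1.42/24` plus a DHCP client. Matching on the MAC set a few lines above is narrower: `matchConfig.MACAddress = "0a:00:a0:70:01:02";`. Separately, `DHCP = "yes"` next to a static `Address` and `Gateway` leaves the VM with a second, leased address; if only the static one is intended, `DHCP = "no";` makes that explicit.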
@@ -85,11 +131,23 @@ cerulean.mkNexus ./. (self: {
 ];
 
 volumes = [
- #{
- #image = "/var/lib/microvms/home-assistant/data.img";
- #mountPoint = "/var/lib/hass";
- #autoCreate = false;
- #}
+ {
+ image = "/var/lib/microvms/home-assistant/data.img";
+ mountPoint = "/var/lib/hass";
+ autoCreate = true;
+ size = 32 * 1024; # 32GB
+ }
+ ];
+
+ shares = [
+ {
+ # shares the host's nix store with the vm
+ # to prevent huge images
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }
 ];
 };
 
@@ -130,6 +188,36 @@ cerulean.mkNexus ./. (self: {
 user = "foxora";
 };
 };
+
+ lunata = {
+ system = "x86_64-linux";
+
+ groups = [
+ groups.servers
+ ];
+
+ deploy.ssh = {
+ remoteBuild = false;
+ host = "176.58.114.228";
+ port = 4070;
+ user = "foxora";
+ };
+ };
+
+ delphinus = {
+ system = "x86_64-linux";
+
+ groups = [
+ groups.servers
+ ];
+
+ deploy.ssh = {
+ remoteBuild = false;
+ host = "172.233.47.244";
+ port = 4070;
+ user = "foxora";
+ };
+ };
 };
 };
 })
diff --git a/vms/equinox/default.nix b/vms/equinox/default.nix
new file mode 100644
index 0000000..d31facc
--- /dev/null
+++ b/vms/equinox/default.nix
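Review bot: The new `shares` entry for home-assistant (third snow.nix hunk) exposes the host's whole `/nix/store` to the guest, and its comment gives only the image-size reason. Every store path on the host becomes readable inside the VM, so anything sensitive that ends up in the store, such as a token written inline into a Nix option, is visible to the guest too. I would extend the comment to `# shares the host's nix store with the vm to prevent huge images; the guest can read every store path, so keep secrets out of the store`. The same share is added for equinox in the first snow.nix hunk.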
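Review bot: The `deploy.ssh` entries for lunata and delphinus (fourth snow.nix hunk) log in as `foxora`, who is in `wheel` on both hosts, while groups/servers/default.nix lists `@wheel` under `trusted-users`. A trusted Nix user is effectively root on the machine, so the SSH key for this account carries root-level access to both internet-facing hosts; with `remoteBuild = false` that trust is presumably what lets the pushed closure be accepted. A comment on each block would record this, e.g. `# foxora is a trusted nix user via @wheel: protect this key like a root credential`. The attribute set these entries sit in opens outside the hunk.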
@@ -0,0 +1,73 @@
+{pkgs, ...}: {
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ networking = {
+ useNetworkd = false;
+ networkmanager.enable = false;
+ useDHCP = false;
+
+ nftables.enable = true;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 2222
+ ];
+ allowedUDPPorts = [];
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+
+ ports = [2222];
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ AllowUsers = ["foxora"];
+ UseDns = false; # enables rDNS lookup
+ X11Forwarding = false;
+ };
+ };
+ };
+
+ virtualisation.containers.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+
+ users.users.foxora = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+
+ packages = with pkgs; [
+ tree
+ ];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVzP3nOFprtX2Gpeq0myQXC0kifNCLmpVaxjELfRFlQ aurora@nixarawrui"
+ ];
+ };
+
+ # ensures that the mount for "/home/foxora" has the correct permissions
+ systemd.tmpfiles.rules = [
+ "d /home/foxora 0700 foxora users -"
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ neovim
+ wget
+ ];
+
+ variables = {
+ EDITOR = "nvim";
+ };
+ };
+
+ system.stateVersion = "25.11";
+}