Lebesque Configuration.

2025-02-03 13:00:31 -06:00 · 2025-02-03 13:00:31 -06:00 · 859556d0e6
commit 859556d0e6
parent b2595f1936
18 changed files with 386 additions and 50 deletions
--- a/machines/lebesgue/config/configuration.nix
+++ b/machines/lebesgue/config/configuration.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  foehammer = {
+    users.admin = {
+      enable = true;
+      hashedPasswordFile = config.sops.secrets.admin-password.path;
+    };
+  };
+
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets.tskey.path;
+    openFirewall = true;
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  networking.firewall.allowedTCPPorts = [22];
+  networking.firewall.trustedInterfaces = ["tailscale0"];
+
+  system.stateVersion = "24.11";
+}
--- a/machines/lebesgue/config/hardware-configuration.nix
+++ b/machines/lebesgue/config/hardware-configuration.nix
@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  services.qemuGuest.enable = true;
+
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+  boot.supportedFilesystems = ["btrfs"];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "btrfs";
+    options = ["subvol=root" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "btrfs";
+    neededForBoot = true;
+    options = ["subvol=nix" "defaults" "noatime" "compress=zstd:3" "discard=async" "nodatacow"];
+  };
+
+  fileSystems."/persist" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "btrfs";
+    neededForBoot = true;
+    options = ["subvol=persist" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+    options = ["fmask=0077" "dmask=0077"];
+  };
+
+  swapDevices = [];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/machines/lebesgue/config/secrets.nix
+++ b/machines/lebesgue/config/secrets.nix
@ -0,0 +1,10 @@
+{...}: {
+  sops = {
+    defaultSopsFile = ../secrets/main.yaml;
+
+    secrets = {
+      admin-password.neededForUsers = true;
+      tskey = {};
+    };
+  };
+}