From 8e5d3a8fcd6893bcd4903cc9b7bfe96f6486d7c6 Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Mon, 3 Feb 2025 15:35:10 -0800
Subject: Add spontaneity system; add port to firewall
---
 config/nix.org | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 72 insertions(+), 5 deletions(-)
(limited to 'config/nix.org')
diff --git a/config/nix.org b/config/nix.org
index d224180..a3150f4 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -95,7 +95,16 @@ so that adding new configurations that add modifications is made simple.
 spontaneity = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = attrs;
- modules = [];
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
+ ./modules/vda-simple.nix
+ ./systems/spontaneity/default.nix
+ ];
 };
 };
 };
@@ -692,7 +701,7 @@ because they enhance security.
 # wifi.macAddress = "";
 };
 firewall = {
- allowedTCPPorts = [ 11434 ];
+ allowedTCPPorts = [ 22 11434 ];
 allowedUDPPorts = [ ];
 };
 };
@@ -803,7 +812,7 @@ because they enhance security.
 users.users = {
 root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
 ];
 git = {
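Review bot: Adding 22 to `allowedTCPPorts` in this shared firewall block opens SSH on every host that imports the module, not only the new VPS, and the hunk shows nothing about the sshd policy that fronts it. If only spontaneity needs inbound SSH, keep the shared list as it was and set `config.networking.firewall.allowedTCPPorts = [ 22 ];` in `systems/spontaneity/default.nix`; either way the openssh settings should pin `PasswordAuthentication = false` and `PermitRootLogin = "prohibit-password"`, since root carries an authorized key in the hunk below. A one-line comment naming each port, `# 22 = sshd; 11434 = presumably the ollama API`, would make later audits of this list easier. The enclosing `networking` attribute set starts and ends outside the hunk.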
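Review bot: The new `continuity-dell` key is installed straight onto `root` with no `from=` or `command=` restriction and no comment recording the policy it relies on; the intent belongs next to it, e.g. `# Sole key for root deploys; sshd must keep password auth off` (the sshd settings themselves are not in this patch, so confirm they match). Replacing rather than appending also drops the `preston-arch` key entirely, so anything still deploying from that machine loses access on the next switch — worth confirming that is intended rather than a missed overlap period. The `users.users` set continues past the end of the hunk.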
@@ -907,6 +916,45 @@ For my nvme drives.
 };
 }
 #+end_src
+*** VDA
+For my virtual machines.
+#+begin_src nix :tangle ../nix/modules/vda-simple.nix
+{
+ disko.devices = {
+ disk = {
+ my-disk = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ priority = 1;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ priority = 2;
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
+#+end_src
 ** Home
 Time for my home user configuration, which is managed by home-manager.
 First we start off with this module to enter us into the home-manager namespace:
@@ -2573,6 +2621,8 @@ This is pretty understandable, if you understand all the above.
 }
 #+end_src
 ** Affinity
+This is my configuration for my workstation. It runs ollama, as well
+as several other useful services.
 #+begin_src nix :tangle ../nix/systems/affinity/default.nix
 { config, lib, home-manager, ... }:
 {
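Review bot: The root partition in `vda-simple.nix` is plain ext4 with no LUKS layer, so on a hosted VM anything at rest — including the sops-nix host key, if secrets are deployed to spontaneity as its module list suggests — sits unencrypted on an image the provider can snapshot. The org prose `For my virtual machines.` should state whether that is the accepted trade-off rather than leave it implicit; a sentence such as `Unencrypted layout for hosted VMs: no interactive unlock is possible at boot, so secrets at rest rely on the provider's disk handling.` would do. The `umask=0077` on the ESP mount is a good default and worth a short comment so it is not dropped later. The new module is complete within the hunk.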
@@ -2581,14 +2631,31 @@ This is pretty understandable, if you understand all the above. ]; config.monorepo = { profiles = { - server.enable = true; - cuda.enable = true; + server.enable = true; + cuda.enable = true; }; vars.hostName = "affinity"; }; config.home-manager.users."${config.monorepo.vars.userName}".monorepo.profiles.cuda.enable = true; } #+end_src +** Spontaneity +Spontaneity is my VPS instance. +#+begin_src nix :tangle ../nix/systems/spontaneity/default.nix + { config, lib, ... }: + { + imports = [ + ../../modules/default.nix + ]; + config.monorepo = { + profiles = { + home.enable = false; + server.enable = true; + }; + vars.hostName = "spontaneity"; + }; + } +#+end_src ** Installer My installer installs my systems almost completely without interaction. You can also make them install the exact version of the system that you want it to by pinning the commits to make it -- cgit
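Review bot: `spontaneity` imports `../../modules/default.nix` and, if that pulls in the shared networking module as the other hosts appear to, the VPS inherits `allowedTCPPorts = [ 22 11434 ]`, so an internet-facing machine opens 11434 — the port the `Affinity` prose in this commit associates with ollama — either for a service it does not run or for an API that carries no authentication of its own. Scope that port to the workstation instead: add `config.networking.firewall.allowedTCPPorts = [ 11434 ];` beside `config.monorepo` in the affinity block and leave only `[ 22 ]` in the shared list. The affinity block's opening lines are outside the hunk; the new spontaneity block is complete within it.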