commit 9bec900658d1c4168ac9d2e853732618f9d24710 · starhaven.dev/infra

+27

flake.lock

···

       1
       1
       +
       {

     

       2
       2
       +
         "nodes": {

     

       3
       3
       +
           "nixpkgs": {

     

       4
       4
       +
             "locked": {

     

       5
       5
       +
               "lastModified": 1764517877,

     

       6
       6
       +
               "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",

     

       7
       7
       +
               "owner": "NixOS",

     

       8
       8
       +
               "repo": "nixpkgs",

     

       9
       9
       +
               "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",

     

       10
       10
       +
               "type": "github"

     

       11
       11
       +
             },

     

       12
       12
       +
             "original": {

     

       13
       13
       +
               "owner": "NixOS",

     

       14
       14
       +
               "ref": "nixos-unstable",

     

       15
       15
       +
               "repo": "nixpkgs",

     

       16
       16
       +
               "type": "github"

     

       17
       17
       +
             }

     

       18
       18
       +
           },

     

       19
       19
       +
           "root": {

     

       20
       20
       +
             "inputs": {

     

       21
       21
       +
               "nixpkgs": "nixpkgs"

     

       22
       22
       +
             }

     

       23
       23
       +
           }

     

       24
       24
       +
         },

     

       25
       25
       +
         "root": "root",

     

       26
       26
       +
         "version": 7

     

       27
       27
       +
       }

+20

flake.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         description = "bates64";

     

       3
       3
       +
       

     

       4
       4
       +
         inputs = {

     

       5
       5
       +
           nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

     

       6
       6
       +
         };

     

       7
       7
       +
       

     

       8
       8
       +
         outputs =

     

       9
       9
       +
           inputs@{ nixpkgs, ... }:

     

       10
       10
       +
           {

     

       11
       11
       +
             nixosConfigurations = {

     

       12
       12
       +
               kuribo = nixpkgs.lib.nixosSystem {

     

       13
       13
       +
                 system = "aarch64-linux";

     

       14
       14
       +
                 modules = [

     

       15
       15
       +
                   ./servers/kuribo/configuration.nix

     

       16
       16
       +
                 ];

     

       17
       17
       +
               };

     

       18
       18
       +
             };

     

       19
       19
       +
           };

     

       20
       20
       +
       }

+14

modules/auto-upgrade.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         system.autoUpgrade = {

     

       3
       3
       +
           enable = false; # TODO

     

       4
       4
       +
           flake = "git+https://tangled.org/starhaven.dev/infra"; # TODO

     

       5
       5
       +
           flags = [

     

       6
       6
       +
             "-L" # print build logs

     

       7
       7
       +
           ];

     

       8
       8
       +
           allowReboot = true;

     

       9
       9
       +
           rebootWindow = {

     

       10
       10
       +
             lower = "03:00";

     

       11
       11
       +
             upper = "06:00";

     

       12
       12
       +
           };

     

       13
       13
       +
         };

     

       14
       14
       +
       }

+13

modules/gc.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         nix.gc = {

     

       3
       3
       +
           automatic = true;

     

       4
       4
       +
           dates = "weekly";

     

       5
       5
       +
           options = "--delete-older-than 30d -d";

     

       6
       6
       +
         };

     

       7
       7
       +
         nix.extraOptions = ''

     

       8
       8
       +
           min-free = ${toString (100 * 1024 * 1024)}

     

       9
       9
       +
           max-free = ${toString (1024 * 1024 * 1024)}

     

       10
       10
       +
         '';

     

       11
       11
       +
         nix.optimise.automatic = true;

     

       12
       12
       +
         nix.optimise.dates = [ "06:00" ];

     

       13
       13
       +
       }

+42

modules/hetzner-aarch64.nix

···

       1
       1
       +
       # Hardware configuration for Hetzner Ampere VMs

     

       2
       2
       +
       {

     

       3
       3
       +
         lib,

     

       4
       4
       +
         modulesPath,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       {

     

       8
       8
       +
         imports = [

     

       9
       9
       +
           (modulesPath + "/profiles/qemu-guest.nix")

     

       10
       10
       +
         ];

     

       11
       11
       +
         networking.useDHCP = lib.mkDefault true;

     

       12
       12
       +
         nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

     

       13
       13
       +
         boot.initrd.availableKernelModules = [

     

       14
       14
       +
           "ata_piix"

     

       15
       15
       +
           "uhci_hcd"

     

       16
       16
       +
           "xen_blkfront"

     

       17
       17
       +
         ];

     

       18
       18
       +
         boot.initrd.kernelModules = [

     

       19
       19
       +
           "nvme"

     

       20
       20
       +
           #"virtio_gpu"

     

       21
       21
       +
         ];

     

       22
       22
       +
         boot.kernelParams = [ "console=tty" ];

     

       23
       23
       +
         boot.loader.grub = {

     

       24
       24
       +
           enable = true;

     

       25
       25
       +
           efiSupport = true;

     

       26
       26
       +
           efiInstallAsRemovable = true;

     

       27
       27
       +
           device = "nodev";

     

       28
       28
       +
         };

     

       29
       29
       +
       

     

       30
       30
       +
         # Filesystems made by nixos-infect(?)

     

       31
       31
       +
         fileSystems."/boot" = {

     

       32
       32
       +
           device = "/dev/sda15";

     

       33
       33
       +
           fsType = "vfat";

     

       34
       34
       +
         };

     

       35
       35
       +
         fileSystems."/" = {

     

       36
       36
       +
           device = "/dev/sda1";

     

       37
       37
       +
           fsType = "ext4";

     

       38
       38
       +
         };

     

       39
       39
       +
       

     

       40
       40
       +
         boot.tmp.cleanOnBoot = true;

     

       41
       41
       +
         zramSwap.enable = true;

     

       42
       42
       +
       }

+30

servers/kuribo/configuration.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ../../modules/hetzner-aarch64.nix

     

       4
       4
       +
           ../../modules/auto-upgrade.nix

     

       5
       5
       +
           ../../modules/gc.nix

     

       6
       6
       +
           ../../users/users.nix

     

       7
       7
       +
         ];

     

       8
       8
       +
       

     

       9
       9
       +
         networking.hostName = "kuribo";

     

       10
       10
       +
       

     

       11
       11
       +
         nix.extraOptions = ''

     

       12
       12
       +
           experimental-features = nix-command flakes

     

       13
       13
       +
         '';

     

       14
       14
       +
       

     

       15
       15
       +
         services.openssh = {

     

       16
       16
       +
           enable = true;

     

       17
       17
       +
           settings = {

     

       18
       18
       +
             PasswordAuthentication = false;

     

       19
       19
       +
             PermitRootLogin = "no";

     

       20
       20
       +
           };

     

       21
       21
       +
         };

     

       22
       22
       +
         services.fail2ban.enable = true;

     

       23
       23
       +
       

     

       24
       24
       +
         programs.neovim = {

     

       25
       25
       +
           enable = true;

     

       26
       26
       +
           defaultEditor = true;

     

       27
       27
       +
         };

     

       28
       28
       +
       

     

       29
       29
       +
         system.stateVersion = "25.11";

     

       30
       30
       +
       }

+1

users/bates64.pub

···

       1
       1
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsDTVCIkcFjkaDm5RoWG1uSNJBanUWGmoKHIRHvSsQq alex@bates64.com

+9

users/users.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         users.users = {

     

       3
       3
       +
           bates64 = {

     

       4
       4
       +
             isNormalUser = true;

     

       5
       5
       +
             extraGroups = [ "wheel" ];

     

       6
       6
       +
             openssh.authorizedKeys.keyFiles = [ ./bates64.pub ];

     

       7
       7
       +
           };

     

       8
       8
       +
         };

     

       9
       9
       +
       }