new server configuration

2026-01-07 16:47:23 +08:00 · 2024-02-13 03:48:02 -05:00 · 2024-02-13 03:48:02 -05:00 · 3985d4fb87
commit 3985d4fb87
parent d4367ea7e0
2 changed files with 56 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -68,6 +68,17 @@
      flake = {
        # Configurations for Linux (NixOS) systems
        nixosConfigurations = {
+          immediacy = self.nixos-flake.lib.mkLinuxSystem {
+            imports = [
+              self.nixosModules.default # Defined in nixos/default.nix
+              ./systems/hetzner/ax41.nix
+              ./nixos/server/harden.nix
+            ];
+            services.tailscale.enable = true;
+            #sops.defaultSopsFile = ./secrets.json;
+            #sops.defaultSopsFormat = "json";
+          };
+
          actual = self.nixos-flake.lib.mkLinuxSystem {
            imports = [
              self.nixosModules.default # Defined in nixos/default.nix
--- a/systems/hetzner/ax41.nix
+++ b/systems/hetzner/ax41.nix
@ -0,0 +1,45 @@
+{ flake, modulesPath, lib, ... }: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    flake.inputs.disko.nixosModules.disko
+    ./nixos-container.nix
+  ];
+  system.stateVersion = "23.11";
+  services.openssh.enable = true;
+  boot = {
+    loader.grub = {
+      devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+    };
+    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+    binfmt.emulatedSystems = [ "aarch64-linux" ]; # For cross-compiling, https://discourse.nixos.org/t/how-do-i-cross-compile-a-flake/12062/4?u=srid
+  };
+  nixpkgs.hostPlatform = "x86_64-linux";
+  hardware = {
+    cpu.intel.updateMicrocode = true;
+    enableRedistributableFirmware = true;
+  };
+
+  networking = {
+    hostName = "immediacy";
+    useDHCP = false;
+    interfaces."eth0".ipv4.addresses = [
+      {
+        address = "65.109.35.172"; # your IPv4 here
+        prefixLength = 24;
+      }
+    ];
+    interfaces."eth0".ipv6.addresses = [
+      {
+        address = "2a01:4f9:5a:2120::2"; # Your IPv6 here
+        prefixLength = 64;
+      }
+    ];
+    defaultGateway = "65.109.35.129";  # `ip route | grep default`
+    nameservers = [ "8.8.8.8" ];
+  };
+  disko.devices = import ./disko/two-raids-on-two-disks.nix {
+    inherit lib;
+  };
+}