From 3985d4fb8766d47af8bf59c3685f28a89f4dd564 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Tue, 13 Feb 2024 03:48:02 -0500
Subject: [PATCH] new server configuration
---
 flake.nix | 11 ++++++++++
 systems/hetzner/ax41.nix | 45 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 systems/hetzner/ax41.nix
diff --git a/flake.nix b/flake.nix
index 8b4af4b..9c78dd3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,6 +68,17 @@
 flake = {
 # Configurations for Linux (NixOS) systems
 nixosConfigurations = {
+ immediacy = self.nixos-flake.lib.mkLinuxSystem {
+ imports = [
+ self.nixosModules.default # Defined in nixos/default.nix
+ ./systems/hetzner/ax41.nix
+ ./nixos/server/harden.nix
+ ];
+ services.tailscale.enable = true;
+ #sops.defaultSopsFile = ./secrets.json;
+ #sops.defaultSopsFormat = "json";
+ };
+
 actual = self.nixos-flake.lib.mkLinuxSystem {
 imports = [
 self.nixosModules.default # Defined in nixos/default.nix
diff --git a/systems/hetzner/ax41.nix b/systems/hetzner/ax41.nix
new file mode 100644
index 0000000..289678c
--- /dev/null
+++ b/systems/hetzner/ax41.nix
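Review bot: The new `immediacy` entry in flake.nix ships two commented-out `sops.*` lines with no explanation, so a reader cannot tell whether secrets management is pending or deliberately left off for this host. Either drop them or state the intent, for example `# TODO: enable sops once a secrets file exists for this host`. The surrounding `nixosConfigurations` block starts and ends outside the hunk, so whether other hosts set these options is not visible here.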
@@ -0,0 +1,45 @@
+{ flake, modulesPath, lib, ... }: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ flake.inputs.disko.nixosModules.disko
+ ./nixos-container.nix
+ ];
+ system.stateVersion = "23.11";
+ services.openssh.enable = true;
+ boot = {
+ loader.grub = {
+ devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+ binfmt.emulatedSystems = [ "aarch64-linux" ]; # For cross-compiling, https://discourse.nixos.org/t/how-do-i-cross-compile-a-flake/12062/4?u=srid
+ };
+ nixpkgs.hostPlatform = "x86_64-linux";
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ enableRedistributableFirmware = true;
+ };
+
+ networking = {
+ hostName = "immediacy";
+ useDHCP = false;
+ interfaces."eth0".ipv4.addresses = [
+ {
+ address = "65.109.35.172"; # your IPv4 here
+ prefixLength = 24;
+ }
+ ];
+ interfaces."eth0".ipv6.addresses = [
+ {
+ address = "2a01:4f9:5a:2120::2"; # Your IPv6 here
+ prefixLength = 64;
+ }
+ ];
+ defaultGateway = "65.109.35.129"; # `ip route | grep default`
+ nameservers = [ "8.8.8.8" ];
+ };
+ disko.devices = import ./disko/two-raids-on-two-disks.nix {
+ inherit lib;
+ };
+}
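Review bot: `services.openssh.enable = true;` turns on sshd on a host that this same file gives static public IPv4 and IPv6 addresses, and nothing in this file restricts how it can be logged into. Unless `./nixos/server/harden.nix` (imported in flake.nix, not visible here) already does so, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` so the machine is key-only from first boot. Separately, `hardware.cpu.intel.updateMicrocode = true;` looks wrong if this is the AMD-based Hetzner AX41 that the file name suggests; in that case CPU microcode fixes would not be applied and the line should read `hardware.cpu.amd.updateMicrocode = true;`.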