wiro.world
/
dotfiles
yep, more dotfiles
feat(server): add nixos-anywhere
wiro.world
11 months ago
0cbf1b9a
ad67c78a
+40
-47
6 changed files
README.md
nixos
fragments
nix.nix
layout
ext4-hetzner.nix
luks-btrfs.nix
profiles
server.nix
shells.nix
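--- a/README.md
+++ b/README.md
@@ -96,6 +96,10 @@
 restic init --repo /srv/restic-repo
 ```
 
+## Deploy server
+
+nixos-anywhere --flake .#weird-row-server <user>@<ip>
+
 ---
 
 Milo Moisson © 2023-2025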
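--- a/nixos/fragments/nix.nix
+++ b/nixos/fragments/nix.nix
@@ -57,6 +57,8 @@
 
 keep-going = true;
 
+extra-platforms = config.boot.binfmt.emulatedSystems;
+
 trusted-users = [ config.local.user.username ];
 extra-substituters = [
 "https://nix-community.cachix.org"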
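--- a/nixos/layout/ext4-hetzner.nix
+++ b/nixos/layout/ext4-hetzner.nix
@@ -6,13 +6,17 @@
 cfg = config.local.disk;
 in
 {
-options = { };
-
 config.disko.devices.disk.primary = {
+type = "disk";
 device = cfg.device;
 content = {
 type = "gpt";
 partitions = {
+boot = {
+size = "1M";
+type = "EF02";
+priority = 1;
+};
 ESP = {
 size = "512M";
 type = "EF00";
@@ -22,42 +26,15 @@
 mountpoint = "/boot";
 };
 };
-luks = {
+root = {
 size = "100%";
 content = {
-type = "luks";
-# TODO: change to encrypted
-name = "crypted";
-settings = {
-allowDiscards = true;
-# yubiKey = I want a YubiKey
-};
-content = {
-type = "btrfs";
-extraArgs = [ "-f" ];
-subvolumes = {
-"/root" = {
-mountpoint = "/";
-mountOptions = [ "compress=zstd" "noatime" ];
-};
-"/home" = {
-mountpoint = "/home";
-mountOptions = [ "compress=zstd" "noatime" ];
-};
-"/nix" = {
-mountpoint = "/nix";
-mountOptions = [ "compress=zstd" "noatime" ];
-};
-"/swap" = {
-mountpoint = "/.swapvol";
-swap.swapfile.size = "${toString cfg.swapSize}G";
-};
-};
-};
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
 };
 };
 };
 };
 };
 }
-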
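Review bot: The new `root` partition in the second hunk is formatted directly as ext4, so this layout no longer provides any encryption at rest, and nothing in the file records that this is intended. The removed LUKS block at least carried `# TODO: change to encrypted`; if running unencrypted on the hosted machine is a deliberate trade-off (for example to allow unattended reboots), I would state it above `root = {` with something like `# root is intentionally unencrypted; anything sensitive written to disk must be encrypted at the application level`. The swap subvolume was also dropped, so `cfg.swapSize` is no longer read by this layout and the server gets no swap; worth a short comment as well if that is intended.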
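--- a/nixos/layout/luks-btrfs.nix
+++ b/nixos/layout/luks-btrfs.nix
@@ -6,8 +6,6 @@
 cfg = config.local.disk;
 in
 {
-options = { };
-
 config.disko.devices.disk.primary = {
 device = cfg.device;
 content = {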
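--- a/nixos/profiles/server.nix
+++ b/nixos/profiles/server.nix
@@ -1,13 +1,10 @@
-{ config
-, pkgs
-, upkgs
-, ...
+{ ...
 }:
 
 let
-ext-if = "en0";
+ext-if = "eth0";
 
-external-ip6 = "2a01:4f8:c2c:76d2::/64";
+external-ip6 = "2a01:4f8:c2c:76d2::1";
 external-netmask6 = 64;
 external-gw6 = "fe80::1";
 in
@@ -15,7 +12,8 @@
 imports = [ ];
 
 config = {
-boot.loader.grub.device = "/dev/nvme0n1";
+boot.loader.grub.enable = true;
+boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "ext4" ];
 
 # Single network card is `eth0`
 networking.usePredictableInterfaceNames = false;
@@ -31,7 +29,13 @@
 interface = ext-if;
 address = external-gw6;
 };
+
+# # Rely on Hetzner firewall instead?
+# firewall.enable = false;
+firewall.allowedTCPPorts = [ 22 80 443 ];
 };
+
+services.openssh.enable = true;
 
 services.qemuGuest.enable = true;
 
@@ -56,19 +60,26 @@
 # services.pds = {
 # enable = true;
 # pdsadmin.enable = true;
-
-
 # };
 
 services.caddy = {
 enable = true;
 
-virtualHosts."localhost".extraConfig = ''
-reverse_proxy https://wirolibre.xyz/
+virtualHosts."ping.wiro.world".extraConfig = ''
+header Content-Type text/html
+respond <<HTML
+<html>
+<head><title>Foo</title></head>
+<body>Foo</body>
+</html>
+HTML 200
 '';
 };
 
+security.sudo.wheelNeedsPassword = false;
+
+local.fragment.nix.enable = true;
+
 programs.fish.enable = true;
 };
 }
-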
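Review bot: `security.sudo.wheelNeedsPassword = false;` in the last hunk, combined with `services.openssh.enable = true;` and port 22 in `firewall.allowedTCPPorts` in the third hunk, leaves the wheel user's SSH login as the only barrier to root on an internet-facing host. Nothing visible in this file constrains how sshd authenticates, so unless another module already does it I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line. If passwordless sudo is only there for non-interactive remote deployment, a comment above it saying so would help the next reader, for example `# required for remote rebuilds over SSH; login is key-only`. The same hunk enables `local.fragment.nix`, which, judging by the context lines in nixos/fragments/nix.nix, puts the local user in `trusted-users`, so that account is also root-equivalent towards the Nix daemon.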
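--- a/shells.nix
+++ b/shells.nix
@@ -12,6 +12,7 @@
 lpkgs.agenix
 home-manager
 just
+nixos-anywhere
 nix-tree
 ]);
 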