update nix config

2025-08-12 11:53:58 -07:00 · 2025-08-12 11:53:58 -07:00 · 07b7f0cc1f
commit 07b7f0cc1f
parent f610209aff
34 changed files with 388 additions and 240 deletions
--- a/hosts/vps/boot.nix
+++ b/hosts/vps/boot.nix
@ -0,0 +1,6 @@
+{
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.grub.useOSProber = false;
+  boot.loader.grub.enableCryptodisk = true;
+}
--- a/hosts/vps/default.nix
+++ b/hosts/vps/default.nix
@ -0,0 +1,34 @@
+{ pkgs, inputs, config, lib, ... }:
+
+{
+  imports =
+    [
+    ./boot.nix
+    ./hardware.nix
+    ./server_config.nix
+    ../../modules/common
+    ../../modules/networking/ssh.nix
+    ../../modules/user
+    ../../modules/apps/00_tui_base.nix
+    ../../modules/dev/docker.nix
+     inputs.home-manager.nixosModules.default
+     inputs.sops-nix.nixosModules.sops
+    ];
+
+  config = {
+
+    ### USER ###
+    user = "vps";
+    host = "vps";
+    sops_file = "vps.yaml";
+
+    rootless_docker = true;
+
+    ### NETWORKING ###
+    networking.enableIPv6 = false;
+    # firewall config in server_config
+
+    system.stateVersion = "25.05";
+  };
+}
+
--- a/hosts/vps/hardware.nix
+++ b/hosts/vps/hardware.nix
@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f22c3def-a743-4861-a98d-569cab10b34c";
+      fsType = "ext4";
+    };
+
+  # Setup keyfile
+  boot.initrd = {
+    secrets."/boot/crypto_keyfile.bin" = null;
+    luks.devices."luks-d05cd87b-ba29-4daf-ad6a-c58b857026a9" = {
+      keyFile = "/boot/crypto_keyfile.bin";
+      device = "/dev/disk/by-uuid/d05cd87b-ba29-4daf-ad6a-c58b857026a9";
+    };
+  };
+
+  swapDevices =
+    [{
+      device = "/var/lib/swapfile";
+      size = 4*1024;
+    }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}