chore: Add base configuration.

2025-05-04 23:29:29 -04:00 · 2025-05-04 23:29:29 -04:00 · 612c7e2f16
commit 612c7e2f16
parent a92de43a60
18 changed files with 700 additions and 10 deletions
--- a/hosts/andromeda/README.md
+++ b/hosts/andromeda/README.md
@ -0,0 +1,3 @@
+# Andromeda: Docker Home Server
+
+This thing handles nearly all traffic for my home network. She has Traefik,
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@ -0,0 +1,59 @@
+{
+  config,
+  pkgs,
+  lib,
+  outputs,
+  inputs,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../system/nix.nix
+    ../../system/sops.nix
+    ../../system/impermanence.nix
+    ../../system/sshd.nix
+    ../../system/avahifixes.nix
+    ../../system/i18n.nix
+  ];
+
+  sops.secrets.tera-password.neededForUsers = true;
+  users.mutableUsers = false;
+
+  users.users.tera = {
+    uid = 1000;
+    description = "Tera";
+    home = "/home/tera";
+    hashedPasswordFile = config.sops.secrets.tera-password.path;
+    isNormalUser = true;
+    createHome = true;
+    shell = pkgs.bash;
+
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "audio"
+      "docker"
+      "input"
+      "plugdev"
+    ];
+
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ../../secrets/id_user.pub)
+    ];
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  networking.hostName = "andromeda";
+  networking.networkmanager.enable = true;
+  boot.supportedFilesystems = [];
+
+  # Services
+  services.docker.enable = true;
+
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs.unstable) htop btop micro nano;
+  };
+
+  system.stateVersion = "24.11";
+}
--- a/hosts/andromeda/hardware-configuration.nix
+++ b/hosts/andromeda/hardware-configuration.nix
@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "uas" "sd_mod"];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp193s0f3u2u3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/milkyway/README.md
+++ b/hosts/milkyway/README.md
@ -0,0 +1,3 @@
+# Milky Way: Remote VPS
+
+This is the gateway from my home network to the public internet.