From eb8e0fa7ccdc2b8b28b344b18ef2f081553f91e9 Mon Sep 17 00:00:00 2001 From: Mike Vink Date: Sat, 25 May 2024 10:20:12 +0200 Subject: add vps again --- machines/pump.nix | 5 +---- machines/serber.nix | 47 +++++++++++++++++++++++++++++++++-------------- 2 files changed, 34 insertions(+), 18 deletions(-) (limited to 'machines') diff --git a/machines/pump.nix b/machines/pump.nix index 4fbada2..87198db 100644 --- a/machines/pump.nix +++ b/machines/pump.nix @@ -36,10 +36,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; @@ -48,6 +44,7 @@ fileSystems."/data" = { device = "zpool/data"; fsType = "zfs"; + neededForBoot = true; }; fileSystems."/" = diff --git a/machines/serber.nix b/machines/serber.nix index fc4bb26..6a0f045 100644 --- a/machines/serber.nix +++ b/machines/serber.nix 
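Review bot: `neededForBoot = true` on `/data` means the `zpool` pool has to be imported from the initrd, while the hunk just before it removes the `boot.initrd.availableKernelModules` list (`nvme`, `ahci`, `sd_mod`, …) from this file. If those modules are not declared in another file of this commit (the diffstat shown is limited to `machines/`, so that cannot be confirmed from here), stage 1 may not see the disks and the machine can fail to boot. A comment on the new line would record the dependency, for example `# /data is mounted in stage 1; initrd disk drivers are declared in <MODULE_PATH>`.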
@@ -1,30 +1,51 @@ { modulesPath, lib, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + + services.syncthing.enable = false; + + environment.etc."resolv.conf".source = lib.mkForce "/run/systemd/resolve/resolv.conf"; + services.resolved = { + enable = true; + dnssec = "true"; + domains = [ "~." ]; + dnsovertls = "true"; + }; + + # This file was populated at runtime with the networking + # details gathered from the active system. networking = { - nameservers = [ "8.8.8.8" ]; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; defaultGateway = "172.31.1.1"; - defaultGateway6 = { address = "fe80::1"; interface = "eth0"; }; + defaultGateway6 = { + address = "fe80::1"; + interface = "eth0"; + }; dhcpcd.enable = false; usePredictableInterfaceNames = lib.mkForce false; interfaces = { eth0 = { ipv4.addresses = [ - { address="65.108.155.179"; prefixLength=32; } + { address="65.109.143.65"; prefixLength=32; } ]; ipv6.addresses = [ - { address="2a01:4f9:c010:d2b5::1"; prefixLength=64; } - { address="fe80::9400:2ff:fe53:8544"; prefixLength=64; } + { address="2a01:4f9:c012:ccc2::1"; prefixLength=64; } + { address="fe80::9400:3ff:fe46:c7bc"; prefixLength=64; } ]; ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ]; ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ]; }; - }; }; - services.udev.extraRules = '' - ATTR{address}=="96:00:02:53:85:44", NAME="eth0" + ATTR{address}=="96:00:03:46:c7:bc", NAME="eth0" + ''; boot.loader.grub.device = "/dev/sda"; 
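Review bot: The `lib.mkForce "/run/systemd/resolve/resolv.conf"` override points `/etc/resolv.conf` at the file in which systemd-resolved lists its upstream servers, so any program that reads `/etc/resolv.conf` itself queries those servers directly over plain DNS and bypasses the `dnsovertls` and `dnssec` settings in the `services.resolved` block that follows. Pointing it at the stub keeps such clients behind resolved: `environment.etc."resolv.conf".source = lib.mkForce "/run/systemd/resolve/stub-resolv.conf";`, or drop the override if the resolved module's own default is acceptable. The `nameservers` entries are bare addresses, so the TLS certificate is checked against the IP only; writing them as `"1.1.1.1#cloudflare-dns.com"` (likewise for the other three) pins the expected server name. The comment "This file was populated at runtime…" no longer describes the hand-written DNS block and should be reworded.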
@@ -32,13 +53,11 @@ boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - - system.stateVersion = "23.05"; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; - networking.hostName = "vinkies"; - networking.domain = "net"; + networking.hostName = "serber"; + networking.domain = ""; services.openssh.enable = true; - + users.users.root.openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPZHOBNQdo5oBnQ8f147QtelhLmYItiruoNfoHF89qrJAAAABHNzaDo='' ]; + system.stateVersion = "23.11"; } -- cgit v1.2.3
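Review bot: The new `users.users.root.openssh.authorizedKeys.keys` line enables root login over SSH on a host with public addresses, and nothing in this hunk restricts the other authentication methods. Unless a shared module outside this file already does so, state it next to `services.openssh.enable`: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The key is a FIDO-backed `sk-ssh-ed25519@openssh.com` key with no comment field; a trailing comment naming the token or its owner makes later rotation and audit easier. The attribute set starts above this hunk, so settings made there are not visible from here.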