feat(spacestation): new spacestation NAS host

Guz
2026-06-02 14:52:44 -03:00
parent c7b161906a
commit 89dcf9b432
10 changed files with 325 additions and 3 deletions

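--- a/.ssh/spacestation.pub
+++ b/.ssh/spacestation.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA6bcTagMSci1oHpXuq8w3LQ7eaR80yjYrjidkIGv3M spacestation login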


@@ -195,6 +195,24 @@
]
++ commonModules;
};
"spacestation" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
config.allowUnfreePredicate = _: true;
};
inherit inputs self;
};
modules =
[
./hosts/spacestation/configuration.nix
./home/worm/configuration.nix
{users.users."guz".openssh.authorizedKeys.keyFiles = [./.ssh/spacestation.pub];}
]
++ commonModules;
};
};
homeConfigurations = forAllSystems ({
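Review bot: In the new `"spacestation"` entry, `config.allowUnfree = true` together with `config.allowUnfreePredicate = _: true` admits every unfree package from `pkgs-unstable` onto a NAS host, and the predicate line is redundant while `allowUnfree` is set. If the host needs only a few unfree packages, drop `allowUnfree` and use an allowlist such as `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "<package-name>" ];`. The enclosing attribute set starts above the hunk, so the other hosts may carry the same pattern.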


@@ -1,6 +1,4 @@
{
config,
lib,
inputs,
pkgs,
self,
@@ -32,7 +30,7 @@
services.flatpak.enable = true;
# Shell
programs.zsh.enable = true;
# programs.zsh.enable = true;
# SDDM (Display Manager)
services.displayManager.sddm = {


@@ -29,9 +29,12 @@
blender
blockbench
bitwarden-desktop
# davinci-resolve
inkscape
kdePackages.kdenlive
nextcloud-client
obsidian
openrgb
prismlauncher
javaPackages.compiler.temurin-bin.jdk-25


@@ -1,6 +1,14 @@
{lib, ...}:
with lib; {
home.persistence."/persist" = {
files = map (d:
if isList d
then {
file = elemAt d 1;
mode = elemAt d 0;
}
else d) [
];
directories = map (d:
if isList d
then {


@@ -0,0 +1,111 @@
{
config,
inputs,
pkgs,
...
}: {
imports = [
../../secrets.nix
./impermanence.nix
inputs.disko.nixosModules.disko
./disko.nix
./hardware-configuration.nix
./services.nix
];
# GnuPG keyring
programs.gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-gtk2;
settings.default-cache-ttl = 3600 * 24;
};
# Yet another nix cli helper
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 7d --keep 3";
flake = "/home/guz/Projects/dot013-nix";
};
# QMK keyboard
hardware.keyboard.qmk.enable = true;
services.udev.packages = with pkgs; [via vial];
# Tailscale
services.tailscale.enable = true;
# Networking
networking.hostName = "spacestation";
networking.networkmanager.enable = true;
networking.hostId = builtins.substring 0 8 (
builtins.hashString "sha256" config.networking.hostName
);
# Firewall
networking.firewall.enable = true;
# SSH
services.openssh.enable = true;
services.openssh.settings = {
PasswordAuthentication = false;
PermitRootLogin = "forced-commands-only";
};
# Mosh
programs.mosh.enable = true;
# Locale
time.timeZone = "America/Sao_Paulo";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = let
locale = "pt_BR.UTF-8";
in {
LC_ADDRESS = locale;
LC_IDENTIFICATION = locale;
LC_MEASUREMENT = locale;
LC_MONETARY = locale;
LC_NAME = locale;
LC_NUMERIC = locale;
LC_PAPER = locale;
LC_TELEPHONE = locale;
LC_TIME = locale;
};
# Keyboard
services.xserver.xkb.layout = "br";
console.keyMap = "br-abnt2";
security.polkit.enable = true;
# Nix
nix.settings.experimental-features = ["nix-command" "flakes"];
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "nodev";
boot.loader.grub.mirroredBoots = [
{
devices = ["nodev"];
path = "/boot";
efiSysMountPoint = "/boot";
}
{
devices = ["nodev"];
path = "/boot-fallback";
efiSysMountPoint = "/boot-fallback";
}
];
boot.loader.efi.efiSysMountPoint = "/boot";
boot.initrd.systemd.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}
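Review bot: The `services.openssh.settings` block turns off `PasswordAuthentication` but leaves `KbdInteractiveAuthentication` at the module default, which as far as I know is enabled in NixOS, so a PAM password prompt may still be offered; add `KbdInteractiveAuthentication = false;`. `PermitRootLogin = "forced-commands-only"` deserves a comment naming the job that needs root over SSH, or `"no"` if there is none. sshd and Mosh also open their ports on every interface by default (to my knowledge). Since Tailscale is enabled, consider `services.openssh.openFirewall = false;` and allowing port 22 only through `networking.firewall.interfaces."tailscale0".allowedTCPPorts`.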


@@ -0,0 +1,138 @@
{
# Bootloader
boot.supportedFilesystems = ["zfs"];
boot.zfs.requestEncryptionCredentials = true;
boot.zfs.forceImportRoot = false;
boot.zfs.devNodes = "/dev/disk/by-id/";
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.interval = "monthly";
disko.devices = {
disk = let
mkDisk = device: mountpoint: {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = mountpoint;
mountOptions = ["nofail"];
};
};
zfs = {
end = "-4G";
content = {
type = "zfs";
pool = "zroot";
};
};
swap = {
size = "100%";
content = {
type = "swap";
discardPolicy = "both";
};
};
};
};
};
in {
root = mkDisk "/dev/sda" "/boot";
mirror = mkDisk "/dev/sdb" "/boot-fallback";
};
zpool = {
zroot = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
acltype = "posixacl";
dnodesize = "auto";
canmount = "off";
xattr = "sa";
relatime = "on";
normalization = "formD";
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "prompt";
compression = "lz4";
"com.sun:auto-snapshot" = "false";
};
options = {
ashift = "12";
autotrim = "on";
};
datasets = {
"root" = {
type = "zfs_fs";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "prompt";
compression = "zstd";
};
mountpoint = "/";
postCreateHook = "zfs snapshot zroot/root@blank";
};
"nix" = {
type = "zfs_fs";
options = {
mountpoint = "/nix";
compression = "zstd";
};
mountpoint = "/nix";
};
"persist" = {
type = "zfs_fs";
options = {
mountpoint = "/persist";
compression = "zstd";
};
mountpoint = "/persist";
};
"s3" = {
type = "zfs_fs";
options = {
mountpoint = "/var/lib/garage/data";
compression = "lz4";
"com.sun:auto-snapshot" = "false"; # S3/Garage already snapshots
};
mountpoint = "/var/lib/garage/data";
};
};
};
};
};
fileSystems."/" = {
device = "zroot/root";
fsType = "zfs";
neededForBoot = true;
options = ["zfsutil"];
};
fileSystems."/nix" = {
device = "zroot/nix";
fsType = "zfs";
neededForBoot = true;
options = ["zfsutil"];
};
fileSystems."/persist" = {
device = "zroot/persist";
fsType = "zfs";
neededForBoot = true;
options = ["zfsutil"];
};
fileSystems."/var/lib/garage/data" = {
device = "zroot/s3";
fsType = "zfs";
options = ["zfsutil"];
};
}
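Review bot: The `swap` partition in `mkDisk` is created as plain swap while every ZFS dataset is encrypted, so memory pages that may hold decrypted data can be written to disk in the clear. Adding `randomEncryption = true;` next to `discardPolicy = "both";` would give the swap a fresh key on each boot, at the cost of hibernation, which a NAS is unlikely to need. Separately, `/dev/sda` and `/dev/sdb` are not stable names. Using `/dev/disk/by-id/...` paths, as `boot.zfs.devNodes` already does, would keep a disko run from formatting the wrong disk.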


@@ -0,0 +1,19 @@
{
config,
lib,
modulesPath,
...
}:
with lib; {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
swapDevices = [];
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -0,0 +1,25 @@
{inputs, ...}: {
imports = [
inputs.impermanence.nixosModules.impermanence
];
environment.persistence."/persist" = {
enable = true;
hideMounts = true;
directories = [
"/etc/nixos"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
"/var/db/sudo"
"/var/keys"
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/tailscale"
"/var/lib/garage"
];
files = [
"/etc/machine-id"
];
};
}
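Review bot: The persisted paths under `environment.persistence."/persist"` do not include the SSH host keys, so if `/` is rolled back to `zroot/root@blank` on boot, sshd would generate new host keys each time and clients would see changed-key warnings. The rollback itself is not visible in this commit, only the snapshot, so this depends on how the root dataset is reset. If `secrets.nix` does not already place the keys elsewhere, add `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` to `files`, or point `services.openssh.hostKeys` at a path under `/persist`.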


@@ -0,0 +1 @@
{...}: {}