From 89dcf9b43280c3fb16be422506f4d05661aa4ca0 Mon Sep 17 00:00:00 2001
From: "Gustavo \"Guz\" L de Mello"
Date: Tue, 2 Jun 2026 14:52:44 -0300
Subject: [PATCH] feat(spacestation): new spacestation NAS host
---
 .ssh/spacestation.pub | 1 +
 flake.nix | 18 +++
 home/terminal/configuration.nix | 4 +-
 home/terminal/home.nix | 3 +
 home/terminal/impermanence.nix | 8 +
 hosts/spacestation/configuration.nix | 111 ++++++++++++++
 hosts/spacestation/disko.nix | 138 ++++++++++++++++++
 hosts/spacestation/hardware-configuration.nix | 19 +++
 hosts/spacestation/impermanence.nix | 25 ++++
 hosts/spacestation/services.nix | 1 +
 10 files changed, 325 insertions(+), 3 deletions(-)
 create mode 100644 .ssh/spacestation.pub
 create mode 100644 hosts/spacestation/configuration.nix
 create mode 100644 hosts/spacestation/disko.nix
 create mode 100644 hosts/spacestation/hardware-configuration.nix
 create mode 100644 hosts/spacestation/impermanence.nix
 create mode 100644 hosts/spacestation/services.nix
diff --git a/.ssh/spacestation.pub b/.ssh/spacestation.pub
new file mode 100644
index 0000000..a5a1399
--- /dev/null
+++ b/.ssh/spacestation.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA6bcTagMSci1oHpXuq8w3LQ7eaR80yjYrjidkIGv3M spacestation login
diff --git a/flake.nix b/flake.nix
index 942d456..9272001 100644
--- a/flake.nix
+++ b/flake.nix
@@ -195,6 +195,24 @@
 ]
 ++ commonModules;
 };
+ "spacestation" = nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ specialArgs = {
+ pkgs-unstable = import nixpkgs-unstable {
+ inherit system;
+ config.allowUnfree = true;
+ config.allowUnfreePredicate = _: true;
+ };
+ inherit inputs self;
+ };
+ modules =
+ [
+ ./hosts/spacestation/configuration.nix
+ ./home/worm/configuration.nix
+ {users.users."guz".openssh.authorizedKeys.keyFiles = [./.ssh/spacestation.pub];}
+ ]
+ ++ commonModules;
+ };
 };
 homeConfigurations = forAllSystems ({
diff --git a/home/terminal/configuration.nix b/home/terminal/configuration.nix
index 08154fa..f2aa2ea 100644
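Review bot: `config.allowUnfreePredicate = _: true;` inside the new `pkgs-unstable` import is redundant with `config.allowUnfree = true;` on the line above it; one of the two lines can go, and keeping only `config.allowUnfree = true;` is the conventional form. The `rec` on the `nixosSystem` call is there only so `specialArgs` can `inherit system;` from the same set, which is easy to miss on a later cleanup; a comment such as `# rec: specialArgs reuses system below` would make that explicit. The enclosing attribute set that holds the host definitions starts and ends outside the hunk.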
--- a/home/terminal/configuration.nix
+++ b/home/terminal/configuration.nix
@@ -1,6 +1,4 @@
 {
- config,
- lib,
 inputs,
 pkgs,
 self,
@@ -32,7 +30,7 @@
 services.flatpak.enable = true;
 # Shell
- programs.zsh.enable = true;
+ # programs.zsh.enable = true;
 # SDDM (Display Manager)
 services.displayManager.sddm = {
diff --git a/home/terminal/home.nix b/home/terminal/home.nix
index 4088682..db80735 100644
--- a/home/terminal/home.nix
+++ b/home/terminal/home.nix
@@ -29,9 +29,12 @@
 blender
 blockbench
 bitwarden-desktop
+ # davinci-resolve
 inkscape
+ kdePackages.kdenlive
 nextcloud-client
 obsidian
+ openrgb
 prismlauncher
 javaPackages.compiler.temurin-bin.jdk-25
diff --git a/home/terminal/impermanence.nix b/home/terminal/impermanence.nix
index e8804ec..b99c0e2 100644
--- a/home/terminal/impermanence.nix
+++ b/home/terminal/impermanence.nix
@@ -1,6 +1,14 @@
 {lib, ...}:
 with lib; {
 home.persistence."/persist" = {
+ files = map (d:
+ if isList d
+ then {
+ file = elemAt d 1;
+ mode = elemAt d 0;
+ }
+ else d) [
+ ];
 directories = map (d:
 if isList d
 then {
diff --git a/hosts/spacestation/configuration.nix b/hosts/spacestation/configuration.nix
new file mode 100644
index 0000000..9a15000
--- /dev/null
+++ b/hosts/spacestation/configuration.nix
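Review bot: Commenting out `programs.zsh.enable = true;` in the second hunk of home/terminal/configuration.nix is unrelated to the spacestation host this commit adds, and if any user on that host has zsh as their login shell (not visible here) NixOS will warn that zsh is missing its system integration and the shell may start without the expected PATH. If the change is intentional, keep it but say why on the line, `# programs.zsh.enable = true; # disabled: <reason>`; if it is an accidental leftover, it belongs in its own commit. Both hunks sit inside the module's top-level attribute set, which starts and ends outside the hunk.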
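Review bot: The new `files` list in home/terminal/impermanence.nix is empty, so the `map` and its pair decoding (`file = elemAt d 1; mode = elemAt d 0;`) are scaffolding that does nothing until an entry is added, and nothing on the page shows that the home-manager persistence module accepts a `mode` attribute on `files` entries; verify that against the module before the first `[mode path]` pair goes in, or drop `mode` from the file mapper. A short comment above the mapper, `# entries are a plain path or a [mode path] pair`, would document the encoding the list expects. The `directories` mapper that follows continues past the end of the hunk.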
@@ -0,0 +1,111 @@
+{
+ config,
+ inputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../../secrets.nix
+ ./impermanence.nix
+ inputs.disko.nixosModules.disko
+ ./disko.nix
+ ./hardware-configuration.nix
+ ./services.nix
+ ];
+
+ # GnuPG keyring
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-gtk2;
+ settings.default-cache-ttl = 3600 * 24;
+ };
+
+ # Yet another nix cli helper
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 7d --keep 3";
+ flake = "/home/guz/Projects/dot013-nix";
+ };
+
+ # QMK keyboard
+ hardware.keyboard.qmk.enable = true;
+ services.udev.packages = with pkgs; [via vial];
+
+ # Tailscale
+ services.tailscale.enable = true;
+
+ # Networking
+ networking.hostName = "spacestation";
+ networking.networkmanager.enable = true;
+ networking.hostId = builtins.substring 0 8 (
+ builtins.hashString "sha256" config.networking.hostName
+ );
+
+ # Firewall
+ networking.firewall.enable = true;
+
+ # SSH
+ services.openssh.enable = true;
+ services.openssh.settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "forced-commands-only";
+ };
+
+ # Mosh
+ programs.mosh.enable = true;
+
+ # Locale
+ time.timeZone = "America/Sao_Paulo";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = let
+ locale = "pt_BR.UTF-8";
+ in {
+ LC_ADDRESS = locale;
+ LC_IDENTIFICATION = locale;
+ LC_MEASUREMENT = locale;
+ LC_MONETARY = locale;
+ LC_NAME = locale;
+ LC_NUMERIC = locale;
+ LC_PAPER = locale;
+ LC_TELEPHONE = locale;
+ LC_TIME = locale;
+ };
+
+ # Keyboard
+ services.xserver.xkb.layout = "br";
+ console.keyMap = "br-abnt2";
+
+ security.polkit.enable = true;
+
+ # Nix
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.grub.mirroredBoots = [
+ {
+ devices = ["nodev"];
+ path = "/boot";
+ efiSysMountPoint = "/boot";
+ }
+ {
+ devices = ["nodev"];
+ path = "/boot-fallback";
+ efiSysMountPoint = "/boot-fallback";
+ }
+ ];
+ boot.loader.efi.efiSysMountPoint = "/boot";
+
+ boot.initrd.systemd.enable = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.11"; # Did you read the comment?
+}
diff --git a/hosts/spacestation/disko.nix b/hosts/spacestation/disko.nix
new file mode 100644
index 0000000..0c33f27
--- /dev/null
+++ b/hosts/spacestation/disko.nix
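Review bot: `PasswordAuthentication = false;` on its own does not make this host key-only, because OpenSSH's keyboard-interactive (PAM) method stays enabled unless `KbdInteractiveAuthentication = false;` is also set; add that line to `services.openssh.settings` next to it, which is what the authorized-keys file wired up in flake.nix suggests is intended. `PermitRootLogin = "forced-commands-only"` still admits root key logins limited to a forced command; if no such use (for example a backup pull) is planned for this NAS, `"no"` is the tighter setting and a comment should say which one is wanted. `programs.mosh.enable = true;` opens UDP 60000–61000 in the firewall by default, which is worth a one-line comment since the host is also reachable over Tailscale and `networking.firewall.enable` is set deliberately a few lines above.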
@@ -0,0 +1,138 @@
+{
+ # Bootloader
+ boot.supportedFilesystems = ["zfs"];
+
+ boot.zfs.requestEncryptionCredentials = true;
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.devNodes = "/dev/disk/by-id/";
+
+ services.zfs.autoScrub.enable = true;
+ services.zfs.autoScrub.interval = "monthly";
+
+ disko.devices = {
+ disk = let
+ mkDisk = device: mountpoint: {
+ type = "disk";
+ device = device;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = mountpoint;
+ mountOptions = ["nofail"];
+ };
+ };
+ zfs = {
+ end = "-4G";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ swap = {
+ size = "100%";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ in {
+ root = mkDisk "/dev/sda" "/boot";
+ mirror = mkDisk "/dev/sdb" "/boot-fallback";
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ mode = "mirror";
+ rootFsOptions = {
+ acltype = "posixacl";
+ dnodesize = "auto";
+ canmount = "off";
+ xattr = "sa";
+ relatime = "on";
+ normalization = "formD";
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "prompt";
+ compression = "lz4";
+ "com.sun:auto-snapshot" = "false";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ "root" = {
+ type = "zfs_fs";
+ options = {
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "prompt";
+ compression = "zstd";
+ };
+ mountpoint = "/";
+ postCreateHook = "zfs snapshot zroot/root@blank";
+ };
+ "nix" = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "/nix";
+ compression = "zstd";
+ };
+ mountpoint = "/nix";
+ };
+ "persist" = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "/persist";
+ compression = "zstd";
+ };
+ mountpoint = "/persist";
+ };
+ "s3" = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "/var/lib/garage/data";
+ compression = "lz4";
+ "com.sun:auto-snapshot" = "false"; # S3/Garage already snapshots
+ };
+ mountpoint = "/var/lib/garage/data";
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/" = {
+ device = "zroot/root";
+ fsType = "zfs";
+ neededForBoot = true;
+ options = ["zfsutil"];
+ };
+ fileSystems."/nix" = {
+ device = "zroot/nix";
+ fsType = "zfs";
+ neededForBoot = true;
+ options = ["zfsutil"];
+ };
+ fileSystems."/persist" = {
+ device = "zroot/persist";
+ fsType = "zfs";
+ neededForBoot = true;
+ options = ["zfsutil"];
+ };
+ fileSystems."/var/lib/garage/data" = {
+ device = "zroot/s3";
+ fsType = "zfs";
+ options = ["zfsutil"];
+ };
+}
diff --git a/hosts/spacestation/hardware-configuration.nix b/hosts/spacestation/hardware-configuration.nix
new file mode 100644
index 0000000..6957f1a
--- /dev/null
+++ b/hosts/spacestation/hardware-configuration.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+with lib; {
+ imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ swapDevices = [];
+
+ nixpkgs.hostPlatform = mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/spacestation/impermanence.nix b/hosts/spacestation/impermanence.nix
new file mode 100644
index 0000000..98b5d3a
--- /dev/null
+++ b/hosts/spacestation/impermanence.nix
@@ -0,0 +1,25 @@
+{inputs, ...}: {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ environment.persistence."/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/etc/nixos"
+ "/etc/NetworkManager/system-connections"
+ "/etc/secureboot"
+ "/var/db/sudo"
+ "/var/keys"
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/var/lib/tailscale"
+ "/var/lib/garage"
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+}
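Review bot: The swap partition `mkDisk` puts on each disk (`type = "swap"; discardPolicy = "both";`) is unencrypted while the pool is passphrase-encrypted, so anything paged out — including pages from the encrypted datasets — lands on disk in plaintext; disko's swap content has a `randomEncryption` option for exactly this, so add `randomEncryption = true;` beside `discardPolicy`, accepting that resume-from-hibernation is then unavailable. Separately, `mkDisk "/dev/sda" "/boot"` and `mkDisk "/dev/sdb" "/boot-fallback"` depend on kernel enumeration order even though `boot.zfs.devNodes` points at `/dev/disk/by-id/`; on a NAS where drives get swapped or a USB disk is attached, a re-run of disko against re-ordered `/dev/sdX` names can format the wrong disk, so the stable `/dev/disk/by-id/...` paths belong here too. The `root` dataset repeats the `encryption`/`keyformat`/`keylocation` settings that `rootFsOptions` already applies to the whole pool; on ZFS that likely turns `zroot/root` into its own encryption root with a second passphrase prompt at boot — confirm on the installed system, and drop the repeated options if plain inheritance is what is wanted.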
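Review bot: No SSH host key appears in the persisted `files` list of hosts/spacestation/impermanence.nix, so if `zroot/root` is rolled back to the `@blank` snapshot that disko.nix creates (the rollback step itself is not visible anywhere in this commit), `services.openssh` regenerates host keys on every boot and every client sees a changed host key; add `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` next to `"/etc/machine-id"`, plus the RSA pair NixOS generates by default. `/var/lib/garage` is persisted as a whole while disko.nix mounts the separate `zroot/s3` dataset at `/var/lib/garage/data` beneath it; check that the bind mount onto `/var/lib/garage` is established before the dataset is mounted under it, otherwise the later mount shadows the data directory. `/etc/secureboot` is persisted although this host boots via GRUB with no secure-boot tooling in the commit, which looks like a leftover from another host's list and deserves either a comment or removal.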
diff --git a/hosts/spacestation/services.nix b/hosts/spacestation/services.nix
new file mode 100644
index 0000000..6462967
--- /dev/null
+++ b/hosts/spacestation/services.nix
@@ -0,0 +1 @@
+{...}: {}