feat(spacestation): new spacestation NAS host

hosts/spacestation/configuration.nix

@@ -0,0 +1,100 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../secrets.nix
+    ./impermanence.nix
+    inputs.disko.nixosModules.disko
+    ./disko.nix
+    ./hardware-configuration.nix
+    ./services.nix
+  ];
+
+  # GnuPG keyring
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gtk2;
+    settings.default-cache-ttl = 3600 * 24;
+  };
+
+  # Yet another nix cli helper
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 7d --keep 3";
+    flake = "/home/guz/Projects/dot013-nix";
+  };
+
+  # QMK keyboard
+  hardware.keyboard.qmk.enable = true;
+  services.udev.packages = with pkgs; [via vial];
+
+  # Tailscale
+  services.tailscale.enable = true;
+
+  # Networking
+  networking.hostName = "spacestation";
+  networking.networkmanager.enable = true;
+  networking.hostId = "4aaf8e9c"; # Required for ZFS
+
+  # Firewall
+  networking.firewall.enable = true;
+
+  # SSH
+  services.openssh.enable = true;
+  services.openssh.settings = {
+    PasswordAuthentication = false;
+    PermitRootLogin = "forced-commands-only";
+  };
+
+  # Mosh
+  programs.mosh.enable = true;
+
+  # Locale
+  time.timeZone = "America/Sao_Paulo";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = let
+    locale = "pt_BR.UTF-8";
+  in {
+    LC_ADDRESS = locale;
+    LC_IDENTIFICATION = locale;
+    LC_MEASUREMENT = locale;
+    LC_MONETARY = locale;
+    LC_NAME = locale;
+    LC_NUMERIC = locale;
+    LC_PAPER = locale;
+    LC_TELEPHONE = locale;
+    LC_TIME = locale;
+  };
+
+  # Keyboard
+  services.xserver.xkb.layout = "br";
+  console.keyMap = "br-abnt2";
+
+  security.polkit.enable = true;
+
+  # Nix
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.device = "nodev";
+  boot.loader.efi.efiSysMountPoint = "/boot";
+  boot.loader.grub.mirroredBoots = [
+    {
+      devices = ["/dev/sdb1"];
+      path = "/boot-fallback";
+    }
+  ];
+  boot.initrd.systemd.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+}

hosts/spacestation/disko.nix

@@ -0,0 +1,139 @@
+{
+  # Bootloader
+  boot.supportedFilesystems = ["zfs"];
+
+  boot.zfs.enabled = true;
+  boot.zfs.requestEncryptionCredentials = true;
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.devNodes = "/dev/disk/by-id/";
+
+  services.zfs.autoScrub.enable = true;
+  services.zfs.autoScrub.interval = "monthly";
+
+  disko.devices = {
+    disk = let
+      mkDisk = device: mountpoint: {
+        type = "disk";
+        device = device;
+        content = {
+          type = "gpt";
+          partitions = {
+            GRUB = {
+              size = "1M";
+              type = "EF02";
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = mountpoint;
+                mountOptions = ["nofail"];
+              };
+            };
+            zfs = {
+              end = "-4G";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+            swap = {
+              size = "100%";
+              content = {
+                type = "swap";
+                discardPolicy = "both";
+              };
+            };
+          };
+        };
+      };
+    in {
+      root = mkDisk "/dev/sda" "/boot";
+      mirror = mkDisk "/dev/sdb" "/boot-fallback";
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        mode = "mirror";
+        rootFsOptions = {
+          acltype = "posixacl";
+          canmount = "off";
+          compression = "on";
+          devices = "off";
+          dnodesize = "auto";
+          encryption = "aes-256-gcm";
+          keyformat = "passphrase";
+          keylocation = "prompt";
+          mountpoint = "none";
+          normalization = "formD";
+          relatime = "on";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "false";
+        };
+        options.ashift = "12";
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options = {
+              mountpoint = "/";
+              compression = "zstd";
+            };
+            postCreateHook = "zfs snapshot zroot/root@blank";
+          };
+          "nix" = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "/nix";
+              compression = "zstd";
+            };
+            mountpoint = "/nix";
+          };
+          "persist" = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "/persist";
+              compression = "zstd";
+            };
+            mountpoint = "/persist";
+          };
+          "s3" = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "/var/lib/garage/data";
+              compression = "lz4";
+              "com.sun:auto-snapshot" = "false"; # S3/Garage already snapshots
+            };
+            mountpoint = "/var/lib/garage/data";
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/" = {
+    device = "zroot/root";
+    fsType = "zfs";
+    neededForBoot = true;
+    options = ["zfsutil"];
+  };
+  fileSystems."/nix" = {
+    device = "zroot/nix";
+    fsType = "zfs";
+    neededForBoot = true;
+    options = ["zfsutil"];
+  };
+  fileSystems."/persist" = {
+    device = "zroot/persist";
+    fsType = "zfs";
+    neededForBoot = true;
+    options = ["zfsutil"];
+  };
+  fileSystems."/var/lib/garage/data" = {
+    device = "zroot/s3";
+    fsType = "zfs";
+    options = ["zfsutil"];
+  };
+}

hosts/spacestation/hardware-configuration.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+with lib; {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  swapDevices = [];
+
+  nixpkgs.hostPlatform = mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/spacestation/impermanence.nix

@@ -0,0 +1,25 @@
+{inputs, ...}: {
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  environment.persistence."/persist" = {
+    enable = true;
+    hideMounts = true;
+    directories = [
+      "/etc/nixos"
+      "/etc/NetworkManager/system-connections"
+      "/etc/secureboot"
+      "/var/db/sudo"
+      "/var/keys"
+      "/var/log"
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+      "/var/lib/tailscale"
+      "/var/lib/garage"
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };
+}

hosts/spacestation/services.nix

@@ -0,0 +1 @@
+{...}: {}