SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 20:09:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add new host nas

Browse source
This commit is contained in:
SebastianStork 2026-02-25 23:18:48 +01:00
parent d4e1577ee1
commit 30a2321805
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
7 changed files with 205 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
hosts/nas/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ self, ... }:
{
imports = [ self.nixosModules.server-profile ];
system.stateVersion = "25.11";
custom = {
boot.loader.grub.enable = true;
networking = {
overlay = {
address = "10.254.250.6";
isLighthouse = true;
};
underlay = {
interface = "enp2s0";
cidr = "192.168.0.64/24";
isPublic = true;
gateway = "192.168.0.1";
};
};
services.dns.enable = true;
};
}

111
hosts/nas/disko.nix Normal file
View file

@ -0,0 +1,111 @@
{
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755"
];
};
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/disk/by-id/nvme-eui.002538b581b34925";
content = {
type = "gpt";
partitions = {
swap = {
size = "8G";
content.type = "swap";
};
root = {
size = "100%";
content = {
type = "bcachefs";
filesystem = "rootfs";
label = "nvme.nvme0n1";
extraFormatArgs = [
"--discard"
"--durability=0"
];
};
};
};
};
};
sda = {
type = "disk";
device = "/dev/disk/by-id/ata-CT1000BX500SSD1_2527E9C5CD54";
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot1";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "bcachefs";
filesystem = "rootfs";
label = "sata.sda";
extraFormatArgs = [
"--discard"
"--durability=1"
];
};
};
};
};
};
sdb = {
type = "disk";
device = "/dev/disk/by-id/ata-Samsung_SSD_860_QVO_1TB_S4CZNF1N102994T";
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot2";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "bcachefs";
filesystem = "rootfs";
label = "sata.sdb";
extraFormatArgs = [
"--discard"
"--durability=1"
];
};
};
};
};
};
};
bcachefs_filesystems.rootfs = {
type = "bcachefs_filesystem";
extraFormatArgs = [
"--replicas=2"
"--compression=lz4"
];
subvolumes = {
nix.mountpoint = "/nix";
persist.mountpoint = "/persist";
};
};
};
}

33
hosts/nas/hardware.nix Normal file
View file

@ -0,0 +1,33 @@
_: {
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
kernelModules = [ "kvm-intel" ];
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"sd_mod"
"sdhci_pci"
];
supportedFilesystems = [ "bcachefs" ];
loader = {
efi.canTouchEfiVariables = true;
grub = {
efiSupport = true;
mirroredBoots = [
{
devices = [ "nodev" ];
path = "/boot1";
}
{
devices = [ "nodev" ];
path = "/boot2";
}
];
};
};
};
}

1
hosts/nas/keys/age.pub Normal file
View file

@ -0,0 +1 @@
age1p582v7x0k36csmtp66a0j28j5u5slruqqkfh6kkqutkmsquwdups3xd2lq

6
hosts/nas/keys/nebula.crt Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIGsoEaAA25hc6EHBAUK/voGGKMIDAZzZXJ2ZXKFBGmfZhaGBGsoffSHIBVD/hlb
qt7XLMVqDE4DhIQzJRBaXtQIwm5gRTI7c0VogiAZe96epRDtw/rMTdFK2zGNir1I
wMaj+yBQZk7+5zkMdYNAq9DkNJ5a+W5M27gkxC4iNpi5+HhQksJpuQyRJthGmoUK
+cBkIymP7vlwF1rWRIUAwFiuhSlKvKg9H6RrM5mGBw==
-----END NEBULA CERTIFICATE V2-----

3
hosts/nas/keys/nebula.pub Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
GXvenqUQ7cP6zE3RStsxjYq9SMDGo/sgUGZO/uc5DHU=
-----END NEBULA X25519 PUBLIC KEY-----

26
hosts/nas/secrets.json Normal file
View file

@ -0,0 +1,26 @@
{
"seb-password": "ENC[AES256_GCM,data:sCMOhgNrWyGVRUlL0bFTjaXXd8/tQJI43yPfAHzzWu1M5KYzPu0G7GhzjsGUNIwYeP8CO01Zh6zqkBy1h4dNbuX8NvuVJDWZjA==,iv:ClzISC4OJ/EFHQI420D+JkdC18ZdB9I7bwnZDWa0pHs=,tag:oMfHJgyhb4tPoTg9OsB7BA==,type:str]",
"nebula": {
"host-key": "ENC[AES256_GCM,data:lFOyE+dn5Gg5qfOywA673g6x120unVNMiYG/bmkXAdGMCwUi4vknSIY4vDJsKNR5YAZJ26x6Ezboj9aM2pRzXwZC7duaGpkCNwMQS5+j+T/ClZOptFLaLnxnWNcLfVkupRr4uyAb2DlyTPI2uUGJFVWCKRric04fyOTd8T0TzQ==,iv:2se7H9YWtPIScMq5hCZyirM6KS9cVnlv/HPnlh2swfE=,tag:/N+Ewdl1tH9o6LVuoTSTcA==,type:str]"
},
"porkbun": {
"api-key": "ENC[AES256_GCM,data:eWZXxOfCQ7fXqwUAtsD968EjOeibkFbBeClNmazPk7uEtSR+WnpteB2pY0VFSEQhTKN7zCunKcfkKiSiG0C9r0TXxYM=,iv:FHmy/gR1Zzpro2Vm2e13nfTkHGEGwyw+81CDgkVlbYM=,tag:e4nBvSgw3wJU8viSp23Fjw==,type:str]",
"secret-api-key": "ENC[AES256_GCM,data:6Ss1wkeNMlnkwFtoytwtSHsIbpZN+CmPVshGu7GZfAH8FsHpc/Xyj8D1TRaUGpOI4gz/II4P/LZnmPR5bZ521MxbL+o=,iv:ycpfMGtis8l8TYj2sMO1plSNPKnFzBDF6i6xhxDabx4=,tag:WZCj0CDaPJ1vL6cap2rGvA==,type:str]"
},
"sops": {
"age": [
{
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ0w4S1lHL21ld0Z1bDho\nMUV6UnpUYTdZZGZmSHRaK3MycVUvcitXU0M4CjdESGdwb2pnaXRkdnhIVGlvNW51\nRG4yVnFsUGIzSU16aUtuaFkxQlhGZjAKLS0tIGlFTUs4blhvYjFnS2lKcHp1MElu\neW5OV2FOYXEyUHhrQ3JlRnQ5MlRCNDgKo1abZY7O16Tqd+qMeeQtS+3aLB3bsi3g\nlSvatQ9R8D9Ogk8J7D1crrD8KMEX6Ob3Wov9OhY4tPSGfkRq61TLkw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1p582v7x0k36csmtp66a0j28j5u5slruqqkfh6kkqutkmsquwdups3xd2lq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOVRQU1R4VlBhdEFUdnR6\nZFNuNldaSkxJL3ptOVVscjRBNkQ4dFBmQUVBCmZrQmFMV0hWbTBQcm1FS3JrR0ZC\nbktvT04xczd6VkdCUWk2NnVVZHNFWkUKLS0tIGUwOHJSMHVsNTEyZEU2VWJFNGVy\nMVFDVThrRGQwZEtPeFYzZUVQYi80ZjAKUd/XzyzqMkMowvyeCnQDbOGJDKbuAUQb\nFClQuiH5iSQQrVPw7SHBNgdqbcdtC+hZ4tpPaV/wWtlpcqpr5mBJSA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-02-25T19:43:39Z",
"mac": "ENC[AES256_GCM,data:2pIwmbnsgL5DmZqeZQrnHHNXU1tNdGayytKFD0/g8GM1RQGDL2vGf8J/LX2JkpOeqeG/7q0t0Aa9ABeIGMNjAFSm0RIM6CIHVugPUx+mD7eziof6MRZ2LIzhlI49htxngToHBgOLnmWQt+7AueoLIowqkrP5d2ocbwmb8ObXaoo=,iv:IoLdmrRzmSN+3rr1ogeAOz8fVBoyH+ttZnco6rtmvR4=,tag:Bjco8HoAaplUuyxNMxjEIg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}