diff --git a/flake.nix b/flake.nix
index 2a55f9e..2150635 100644
--- a/flake.nix
+++ b/flake.nix
@@ -162,6 +162,33 @@
 # ];
 };
+ # Vintage story server
+ nixosConfigurations."thancred" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {
+ inherit userName userEmail vintage-story;
+ hostname = "thancred";
+ role = "server";
+ };
+ modules = [
+ myOverlays
+ ./modules/common
+ ./modules/machine/thancred
+
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = true; role = "server"; };
+ home-manager.backupFileExtension = "bak";
+ home-manager.users.${userName}.imports = [
+ ./home
+ ];
+ }
+ ];
+ };
+
+ # Matrix and Mastodon server
 nixosConfigurations."yshtola" = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = {
diff --git a/modules/machine/thancred/configuration.nix b/modules/machine/thancred/configuration.nix
new file mode 100644
index 0000000..8a7e277
--- /dev/null
+++ b/modules/machine/thancred/configuration.nix
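Review bot: `role = "server"` is bound twice in the new thancred entry of this hunk, once in `specialArgs` and again in the `extraSpecialArgs // { isNixOS = true; role = "server"; }` override on the home-manager line, so the NixOS side and the home-manager side can silently disagree if one is edited later. Bind it once, e.g. wrap the entry in `let role = "server"; in` and use `inherit role;` in both places. The other host entries in this file are outside the hunk, so whether they share the pattern cannot be seen here.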
@@ -0,0 +1,121 @@
+{
+ pkgs,
+ userName,
+ vintage-story,
+ ...
+}: {
+ imports = [
+ ../../pwrMgmt
+ ../../networking/core.nix
+ ../../virtualization/podman.nix
+ ];
+
+ # Enable flakes for NixOS
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ # Custom kernel/boot stuff
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Set your timezone
+ time.timeZone = "America/Detroit";
+
+ # Enable OpenSSH
+ services.openssh.enable = true;
+
+ # Enable keyring
+ services.gnome.gnome-keyring.enable = true;
+
+ # Enable GnuPG
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # Enable SUID wrappers (some programs need them)
+ programs.mtr.enable = true;
+
+ # Enable Polkit
+ security.polkit.enable = true;
+
+ # Power management (see ../../pwrMgmt/default.nix)
+ pwrMgmt = {
+ enable = true;
+ cpuFreqGovernor = "performance";
+ powertop.enable = false;
+ };
+
+ network = {
+ firewall = {
+ enable = true;
+ tcpPorts = {
+ allowedPorts = [ 42420 ];
+ };
+ udpPorts = {
+ allowedPorts = [ 42420 ];
+ };
+ };
+ networkManager.enable = true;
+ };
+
+ environment.systemPackages = [
+ vintage-story.packages.${pkgs.system}.default
+ ];
+
+ systemd.services.vintagestory-server = {
+ description = "Vintage Story Server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "simple";
+ User = userName;
+ WorkingDirectory = "/home/${userName}";
+ ExecStart = "${vintage-story.packages.${pkgs.system}.default}/bin/vintagestory-server";
+ Restart = "on-failure";
+ RestartSec = "5s";
+ };
+ };
+
+ # Add username to groups "wheel" and "video" - more may be added here later
+ users = {
+ groups.hazel = {};
+ users = {
+ ${userName} = {
+ extraGroups = [ "wheel" "network" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4WKvKnnYpTbzZHFEslOKyfiiMqWxhW3AfX6E7ACmYU wyatt@wyattjmiller.com"
+ ];
+ };
+ "hazel" = {
+ home = "/home/hazel";
+ group = "hazel";
+ extraGroups = [ "wheel" ];
+ description = "hazel";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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"
+ ];
+ };
+ };
+ };
+
+ services.fail2ban = {
+ enable = true;
+ package = pkgs.fail2ban;
+ maxretry = 5;
+ bantime = "3h";
+ bantime-increment = {
+ enable = true;
+ rndtime = "10m";
+ };
+ };
+
+ services.tailscale = {
+ enable = true;
+ package = pkgs.tailscale;
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/modules/machine/thancred/default.nix b/modules/machine/thancred/default.nix
new file mode 100644
index 0000000..3c4d411
--- /dev/null
+++ b/modules/machine/thancred/default.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ];
+}
diff --git a/modules/machine/thancred/hardware-configuration.nix b/modules/machine/thancred/hardware-configuration.nix
new file mode 100644
index 0000000..382377f
--- /dev/null
+++ b/modules/machine/thancred/hardware-configuration.nix
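Review bot: The `systemd.services.vintagestory-server` unit in this hunk runs the game server, which the firewall block exposes on 42420/tcp and /udp, as `userName` — the interactive account that also carries `wheel` and the SSH authorized keys — with `WorkingDirectory` in that user's home, so a fault in the server process lands in an admin login instead of a disposable account. A dedicated system user plus the standard systemd sandboxing directives confine it, as in the rewrite below; the server's data location is assumed to be its working directory, so if it writes under `$HOME` add `Environment = "HOME=/var/lib/vintagestory";` to `serviceConfig` as well. Separately, `services.openssh.enable = true;` is set without `services.openssh.settings.PasswordAuthentication = false;`, which NixOS otherwise leaves on; with keys already provisioned for both accounts it can be disabled here unless `../../networking/core.nix` (imported above, not visible in this diff) already does so. The `hazel` account is also granted `wheel`, which is worth confirming as intended for a game-server host.
```nix
  systemd.services.vintagestory-server = {
    # … unchanged: description, wantedBy, after …
    serviceConfig = {
      Type = "simple";
      # Dedicated unprivileged account instead of the interactive wheel user
      User = "vintagestory";
      Group = "vintagestory";
      StateDirectory = "vintagestory";
      WorkingDirectory = "/var/lib/vintagestory";
      # … unchanged: ExecStart, Restart, RestartSec …
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
    };
  };

  users = {
    groups.hazel = {};
    groups.vintagestory = {};
    users = {
      # … unchanged: ${userName} and "hazel" entries …
      vintagestory = {
        isSystemUser = true;
        group = "vintagestory";
        home = "/var/lib/vintagestory";
      };
    };
  };
```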
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/e2e621c1-0090-472a-99d9-61c6a87bd068";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/663E-15C0";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/60104b1a-4285-4dd1-be5e-3c3dee24515a"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}