From 5ebb77ac40097ff3d7d3553bd4b5b364ccb79b69 Mon Sep 17 00:00:00 2001
From: Sokhibjon Orzikulov
Date: Sun, 1 Dec 2024 12:18:43 +0500
Subject: [PATCH] feat: adding kolyma-5 ns server
---
flake.lock | 23 ++++-
flake.nix | 7 ++
nixos/kolyma-4/services/bind.nix | 33 +++++++
nixos/kolyma-5/configuration.nix | 58 +++++++++++
nixos/kolyma-5/disk-configuration.nix | 112 ++++++++++++++++++++++
nixos/kolyma-5/hardware-configuration.nix | 53 ++++++++++
nixos/kolyma-5/services/bind.nix | 33 +++++++
nixos/kolyma-5/services/container.nix | 11 +++
nixos/kolyma-5/services/default.nix | 15 +++
nixos/kolyma-5/services/www.nix | 13 +++
10 files changed, 357 insertions(+), 1 deletion(-)
create mode 100644 nixos/kolyma-4/services/bind.nix
create mode 100644 nixos/kolyma-5/configuration.nix
create mode 100644 nixos/kolyma-5/disk-configuration.nix
create mode 100644 nixos/kolyma-5/hardware-configuration.nix
create mode 100644 nixos/kolyma-5/services/bind.nix
create mode 100644 nixos/kolyma-5/services/container.nix
create mode 100644 nixos/kolyma-5/services/default.nix
create mode 100644 nixos/kolyma-5/services/www.nix
diff --git a/flake.lock b/flake.lock
index 36e5c49..ef4a09b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,6 +1,26 @@ { "nodes": { "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732988076, + "narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=", + "owner": "nix-community", + "repo": "disko", + "rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { "inputs": { "nixpkgs": [ "orzklv",
@@ -353,7 +373,7 @@ }, "orzklv": { "inputs": { - "disko": "disko", + "disko": "disko_2", "flake-utils": "flake-utils_5", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin",
@@ -379,6 +399,7 @@ }, "root": { "inputs": { + "disko": "disko", "flake-utils": "flake-utils", "gate": "gate", "home-manager": "home-manager",
diff --git a/flake.nix b/flake.nix
index 3cc4fc1..b5a531a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,6 +23,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # Disko + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Flake utils for eachSystem flake-utils.url = "github:numtide/flake-utils";
@@ -127,6 +133,7 @@ "Kolyma-2" "Kolyma-3" "Kolyma-4" + "Kolyma-5" ]; }; };
diff --git a/nixos/kolyma-4/services/bind.nix b/nixos/kolyma-4/services/bind.nix
new file mode 100644
index 0000000..21c19f9
--- /dev/null
+++ b/nixos/kolyma-4/services/bind.nix
@@ -0,0 +1,33 @@
+{ outputs, ... }:
+{
+ imports = [ outputs.nixosModules.bind ];
+
+ # Enable Nameserver hosting
+ services.nameserver = {
+ enable = true;
+ type = "slave";
+ zones = [
+ # Personal Space
+ "orzklv.uz"
+ "kolyma.uz"
+ "katsuki.moe"
+ "gulag.uz"
+
+ # Not that personal
+ "khakimovs.uz"
+ "dumba.uz"
+
+ # Projects
+ "slave.uz"
+ "floss.uz"
+ "sabine.uz"
+ "rust-lang.uz"
+ "osmon-lang.uz"
+ "xinux.uz"
+ "haskell.uz"
+ "niggerlicious.uz"
+ "misskey.uz"
+ ];
+ masters = [ "167.235.96.40" ];
+ };
+}
diff --git a/nixos/kolyma-5/configuration.nix b/nixos/kolyma-5/configuration.nix
new file mode 100644
index 0000000..5c41c13
--- /dev/null
+++ b/nixos/kolyma-5/configuration.nix
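Review bot: The fifteen-entry `zones` list in nixos/kolyma-4/services/bind.nix is repeated verbatim in nixos/kolyma-5/services/bind.nix, so the primary and secondary can drift apart the next time a domain is added to only one of them. A zone served by one nameserver and missing on the other is answered inconsistently, which is easy to miss because resolution still works part of the time. Consider keeping the list in one shared Nix file that both hosts import, leaving only `type` and the peer addresses per host, and add a comment above `masters = [ "167.235.96.40" ];` naming the host that address belongs to.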
@@ -0,0 +1,58 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ # If you want to use modules your own flake exports (from modules/nixos):
+ outputs.nixosModules.ssh
+ outputs.nixosModules.zsh
+ outputs.nixosModules.boot
+ outputs.nixosModules.data
+ outputs.nixosModules.maid
+ outputs.nixosModules.motd
+ outputs.nixosModules.root
+ outputs.nixosModules.secret
+ outputs.nixosModules.network
+ outputs.nixosModules.nixpkgs
+
+ # User configs
+ outputs.nixosModules.users.sakhib
+
+ # Import your deployed service list
+ ./services
+
+ # Import your generated (nixos-generate-config) hardware configuration
+ ./hardware-configuration.nix
+
+ # Home Manager NixOS Module
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ # Hostname of the system
+ networking.hostName = "Kolyma-4";
+
+ # Entirely disable hibernation
+ systemd.sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ AllowHybridSleep=no
+ AllowSuspendThenHibernate=no
+ '';
+
+ # Don't ask for password
+ security.sudo.wheelNeedsPassword = false;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
diff --git a/nixos/kolyma-5/disk-configuration.nix b/nixos/kolyma-5/disk-configuration.nix
new file mode 100644
index 0000000..a0951c2
--- /dev/null
+++ b/nixos/kolyma-5/disk-configuration.nix
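Review bot: `networking.hostName` in nixos/kolyma-5/configuration.nix is still `"Kolyma-4"`, so the new machine would come up under the existing host's name; it should read `networking.hostName = "Kolyma-5";` to match the `"Kolyma-5"` entry this commit adds in flake.nix. Two hosts reporting the same name also blur log attribution and any per-host secret or monitoring lookup keyed on hostname. The same file sets `security.sudo.wheelNeedsPassword = false;` on an internet-facing nameserver, which makes a stolen SSH key or hijacked session of any wheel user equivalent to root. If that is deliberate, replace the comment `# Don't ask for password` with one stating why and confirming that the ssh module (not visible here) allows key authentication only.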
@@ -0,0 +1,112 @@
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ BOOT = {
+ size = "1M";
+ type = "EF02";
+ priority = 1;
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ priority = 2;
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ };
+ SWAP = {
+ size = "130G";
+ content = {
+ type = "mdraid";
+ name = "swap";
+ };
+ };
+ ROOT = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "root";
+ };
+ };
+ };
+ };
+ };
+ nvme1n1 = {
+ type = "disk";
+ device = "/dev/nvme1n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ BOOT = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ };
+ SWAP = {
+ size = "130G";
+ content = {
+ type = "mdraid";
+ name = "swap";
+ };
+ };
+ ROOT = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "root";
+ };
+ };
+ };
+ };
+ };
+ };
+ mdadm = {
+ root = {
+ type = "mdadm";
+ level = 1;
+ content = {
+ type = "gpt";
+ partitions.primary = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ boot = {
+ type = "mdadm";
+ level = 1;
+ metadata = "1.0";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ swap = {
+ type = "mdadm";
+ level = 1;
+ content = {
+ type = "swap";
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/kolyma-5/hardware-configuration.nix b/nixos/kolyma-5/hardware-configuration.nix
new file mode 100644
index 0000000..fb5a7e4
--- /dev/null
+++ b/nixos/kolyma-5/hardware-configuration.nix
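Review bot: The 130G `swap` array in nixos/kolyma-5/disk-configuration.nix is plain `type = "swap"`, so anything paged out of memory, possibly including material handled by the `secret` module this host imports, is written unencrypted to both NVMe mirrors and stays there when a disk is replaced or the server is handed back. Hibernation is disabled in configuration.nix, so nothing has to be resumed from swap and a per-boot random key is enough: `content = { type = "swap"; randomEncryption = true; };`. The root array is unencrypted as well; if that is an accepted trade-off for unattended boot, a one-line comment recording the decision would help later reviewers.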
@@ -0,0 +1,53 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ # Disko partitioning
+ inputs.disko.nixosModules.disko
+ ./disk-configuration.nix
+
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usbhid"
+ ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.bios = {
+ enable = true;
+ uefi = true;
+ raided = true;
+ mirrors = [
+ "/dev/nvme0n1"
+ "/dev/nvme1n1"
+ ];
+ };
+
+ network = {
+ enable = true;
+
+ ipv4 = {
+ enable = true;
+ address = "65.109.74.214";
+ };
+
+ ipv6 = {
+ enable = true;
+ address = "2a01:4f9:3071:31ce::";
+ };
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/nixos/kolyma-5/services/bind.nix b/nixos/kolyma-5/services/bind.nix
new file mode 100644
index 0000000..7ad7fb0
--- /dev/null
+++ b/nixos/kolyma-5/services/bind.nix
@@ -0,0 +1,33 @@
+{ outputs, ... }:
+{
+ imports = [ outputs.nixosModules.bind ];
+
+ # Enable Nameserver hosting
+ services.nameserver = {
+ enable = true;
+ type = "master";
+ zones = [
+ # Personal Space
+ "orzklv.uz"
+ "kolyma.uz"
+ "katsuki.moe"
+ "gulag.uz"
+
+ # Not that personal
+ "khakimovs.uz"
+ "dumba.uz"
+
+ # Projects
+ "slave.uz"
+ "floss.uz"
+ "sabine.uz"
+ "rust-lang.uz"
+ "osmon-lang.uz"
+ "xinux.uz"
+ "haskell.uz"
+ "niggerlicious.uz"
+ "misskey.uz"
+ ];
+ slaves = [ "65.109.74.214" ];
+ };
+}
diff --git a/nixos/kolyma-5/services/container.nix b/nixos/kolyma-5/services/container.nix
new file mode 100644
index 0000000..aca573d
--- /dev/null
+++ b/nixos/kolyma-5/services/container.nix
@@ -0,0 +1,11 @@
+{ outputs, ... }:
+{
+ imports = [ outputs.nixosModules.container ];
+
+ # Enable containerization
+ services.containers = {
+ enable = true;
+ instances = { };
+ ports = [ ];
+ };
+}
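Review bot: `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";` in nixos/kolyma-5/hardware-configuration.nix does not sit well with the `EF02` BIOS-boot partitions that disk-configuration.nix creates on both disks, nor with `boot.bios.enable = true;` in this file, because a BIOS boot partition is only used by GRUB on PC firmware. configuration.nix in this commit still carries another host's name, so it is worth confirming which of these values was copied from a different machine. The `boot` module is not visible here, so what `boot.bios` does on aarch64 cannot be judged from this hunk; a short comment above the block stating the firmware type of this server would settle it.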
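Review bot: `slaves = [ "65.109.74.214" ];` in nixos/kolyma-5/services/bind.nix is the address that hardware-configuration.nix assigns to this same host, so the server declared `type = "master"` lists itself as its only secondary, while nixos/kolyma-4/services/bind.nix points its `masters` at 167.235.96.40 rather than at this machine. If the bind module (not visible here) builds the transfer and notify lists from these values, the intended secondaries would be refused zone transfers; alternatively this host was meant to be `type = "slave";` with a `masters` entry. Please confirm the role and the peer addresses. Since peers are identified by IP alone in what is visible, it is also worth checking that the module authenticates transfers with TSIG keys.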
diff --git a/nixos/kolyma-5/services/default.nix b/nixos/kolyma-5/services/default.nix
new file mode 100644
index 0000000..9fe6407
--- /dev/null
+++ b/nixos/kolyma-5/services/default.nix
@@ -0,0 +1,15 @@
+# Fallback validation point of all modules
+{ ... }:
+{
+ # List all modules here to be included on config
+ imports = [
+ # Bind nameserver service for hosting personal domains
+ ./bind.nix
+
+ # List of docker instances hosted in this machine
+ ./container.nix
+
+ # Web server & proxy virtual hosts via caddy
+ ./www.nix
+ ];
+}
diff --git a/nixos/kolyma-5/services/www.nix b/nixos/kolyma-5/services/www.nix
new file mode 100644
index 0000000..69e7c61
--- /dev/null
+++ b/nixos/kolyma-5/services/www.nix
@@ -0,0 +1,13 @@
+{ outputs, ... }:
+{
+ imports = [ outputs.nixosModules.caddy ];
+
+ # Enable web server & proxy
+ services.www = {
+ enable = true;
+ alias = [ "ns5.kolyma.uz" ];
+ hosts =
+ {
+ };
+ };
+}