From c574356ec522bb8c54a92ddccfbc520c18c81748 Mon Sep 17 00:00:00 2001
From: Sven Slootweg <admin@cryto.net>
Date: Sun, 28 Jul 2019 18:33:15 +0200
Subject: [PATCH] Add some presets and configuration for haless-03

---
 configuration/default.nix                     | 26 ++++++++++++++
 .../machine-haless-03.nix                     | 30 ++++++++++++++++
 configuration/presets/base.nix                | 36 +++++++++++++++++++
 configuration/presets/kvm.nix                 |  7 ++++
 4 files changed, 99 insertions(+)
 create mode 100644 configuration/default.nix
 create mode 100644 configuration/hardware-configurations/machine-haless-03.nix
 create mode 100644 configuration/presets/base.nix
 create mode 100644 configuration/presets/kvm.nix

diff --git a/configuration/default.nix b/configuration/default.nix
new file mode 100644
index 0000000..0791d41
--- /dev/null
+++ b/configuration/default.nix
@@ -0,0 +1,26 @@
+let
+	nixpkgsOptions = {};
+	pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz") nixpkgsOptions);
+	presets = {
+		base = (import ./presets/base.nix);
+		kvm = (import ./presets/kvm.nix);
+	};
+in  {
+	network = {
+		inherit pkgs;
+		description = "Cryto";
+	};
+
+	"machine-haless-03.cryto.net" = {
+		system.stateVersion = "19.03";
+
+		imports = [
+			presets.base
+			presets.kvm
+			./hardware-configurations/machine-haless-03.nix
+		];
+
+		services.nginx.enable = true;
+		networking.firewall.allowedTCPPorts = [ 80 ];
+	};
+}
diff --git a/configuration/hardware-configurations/machine-haless-03.nix b/configuration/hardware-configurations/machine-haless-03.nix
new file mode 100644
index 0000000..f027025
--- /dev/null
+++ b/configuration/hardware-configurations/machine-haless-03.nix
@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/fae209f9-45d5-457a-bccf-c38e7e41c5b9";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/311156df-3b74-4f69-8a1e-ee33c0aa0a33";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/18ff8fb6-047d-4ea4-a32c-39a9f28a0c5d"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 2;
+}
diff --git a/configuration/presets/base.nix b/configuration/presets/base.nix
new file mode 100644
index 0000000..e705805
--- /dev/null
+++ b/configuration/presets/base.nix
@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+	{
+		i18n = {
+			consoleFont = "Lat2-Terminus16";
+			consoleKeyMap = "us";
+			defaultLocale = "en_US.UTF-8";
+		};
+
+		time.timeZone = "Europe/Amsterdam";
+
+		environment.systemPackages = with pkgs; [
+			wget
+			curl
+			htop
+			iotop
+			iftop
+			nload
+			lsof
+		];
+
+		services.openssh = {
+			enable = true;
+			passwordAuthentication = false;
+			permitRootLogin = "yes";
+		};
+
+		users.users.root.openssh.authorizedKeys.keys = [
+			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzV5dI01NhwuL6ayiO0STcSQiDf7lEtu63NuLZKQUdZVuVHIqyt3Gquks2OI1NZGrJdXA315yw89ZqyMo+z7gSGHEV6P0fAXKW6G78JOFWsA5lGpaLxTsZ6Q7r0Z9FMqDvA5Jlsyznyj9hhO1cz01WPLzB92ypd9ifldtrAQIYQItxGXOuRkBJiShuIRqtr4Q2chXiOoRZKb4v4Gyt/UPxTpvfM/zcOz0zi1d4ijSbLqgIUJhxvrWADfdgEQ77unepDoD+HT51QBX7dj8RuYivxLSA3vpfNeCgt2CYBf6FYnmWkWSnN1RCtQPJNxsMuLzC2ZBbIkz0tDgcIBPbHxGr sven@linux-rfa7.site"
+		];
+
+		nix.gc = {
+			automatic = true;
+			dates = "00:00";
+			options = "--delete-older-than 14d";
+		};
+	}
diff --git a/configuration/presets/kvm.nix b/configuration/presets/kvm.nix
new file mode 100644
index 0000000..13831f8
--- /dev/null
+++ b/configuration/presets/kvm.nix
@@ -0,0 +1,7 @@
+{
+	boot.loader.grub = {
+		enable = true;
+		version = 2;
+		device = "/dev/sda"; # or "nodev" for efi only
+	};
+}