{
# Flake metadata and the two inputs every configuration below builds from.
description = "Example NixOS deployment via NixOS-anywhere";
inputs = {
  # Both URLs are floating references (a release branch and a default branch).
  # The revisions that actually get built are the ones recorded in flake.lock,
  # so keep that file committed and review its changes like any other
  # dependency bump.
  # NOTE(review): nixos-23.11 is past its upstream end of life and no longer
  # receives security updates; plan a move to a supported release.
  nixpkgs = {
    url = "github:NixOS/nixpkgs/nixos-23.11";
  };
  disko = {
    url = "github:nix-community/disko";
    # Evaluate disko against the nixpkgs input above rather than its own.
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
outputs = { self, nixpkgs, disko, ... }: {
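# Hetzner Cloud VM: one disk at /dev/sda laid out by disko, GRUB installed for
# EFI as a removable-media loader, root reachable over SSH with a public key.
nixosConfigurations.hetzner-cloud = nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    ({ modulesPath, ... }: {
      imports = [
        "${modulesPath}/installer/scan/not-detected.nix"
        "${modulesPath}/profiles/qemu-guest.nix"
        disko.nixosModules.disko
      ];

      # The layout file is a function of the target disk. disko partitions and
      # formats that disk during installation, so confirm the device path
      # matches the machine before deploying.
      disko.devices = import ./single-gpt-disk-fullsize-ext4.nix "/dev/sda";

      boot.loader.grub = {
        devices = [ "/dev/sda" ];
        efiSupport = true;
        efiInstallAsRemovable = true;
      };

      # Key-only SSH: root may log in with a public key, and password and
      # keyboard-interactive authentication are switched off for every account
      # so a later-added user password is never exposed to guessing over SSH.
      services.openssh = {
        enable = true;
        settings = {
          PermitRootLogin = "prohibit-password";
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
        };
      };

      # Replace this with your own public key before deploying. Whoever holds
      # the matching private key gets root on the installed host; the key
      # below belongs to the example's author (a smart-card key, going by its
      # `cardno:` comment).
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXfQnzmqFQsUPwJm1sQSh2A7HH1YxO6OOOn1r2QR/PqwVIRu1rOzAC5IXPKmaIN770dLIJzQMqQoUr3ih/x+zweEyUqJTP0sIjA8l9lJNj0S6xVZ594ci/C6w9fR9uKRmXIk7r6usaqTF0Jdf02Al0tB0Lv4Aqi2b6VNPLO3LT162ZuRpcqSDIZzmQg+lkd0s1jWnJGdX5s7G959ouvID5xx7g/e31M/p4PJFvdEtmZ0YGTqju+STyOvX56GvQKRlRRYVFwwTyC1KUr0fJ31dM0DjZoIrfbeY+MBO6JXT23x6iU2sywqxmrDrRphu3raLI/Y2PhopO0q7DutAoolgV cardno:6444835"
      ];

      # Pinned to the release this host is first installed from, matching the
      # hetzner-dedicated configuration; without it NixOS falls back to the
      # release being evaluated and warns.
      system.stateVersion = "23.11";
    })
  ];
};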
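# Hetzner dedicated server: two NVMe disks in a disko-managed RAID layout,
# GRUB installed on both disks, static IPv4/IPv6 addressing, key-only root SSH.
#
# NOTE(review): this attribute sits directly under `outputs`, not under
# `nixosConfigurations` like hetzner-cloud, so tools that resolve
# `.#hetzner-dedicated` through `nixosConfigurations` will not find it. Moving
# it to `nixosConfigurations."hetzner-dedicated"` looks intended; confirm that
# nothing references the top-level name before renaming.
"hetzner-dedicated" = nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    ({ modulesPath, ... }: {
      imports = [
        disko.nixosModules.disko
      ];

      # disko partitions and formats the disks named in this layout during
      # installation; check the layout file against the real hardware first.
      disko.devices = import ./two-raids-on-two-disks.nix;

      boot.loader.grub = {
        copyKernels = true;
        # Installed on both disks so the machine still boots if one fails.
        devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
        efiInstallAsRemovable = true;
        efiSupport = true;
        enable = true;
        fsIdentifier = "uuid";
        # NOTE(review): `version` looks obsolete on recent NixOS releases,
        # where GRUB 2 is the only GRUB left; drop it if evaluation warns.
        version = 2;
      };
      boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];

      nixpkgs.hostPlatform = "x86_64-linux";
      powerManagement.cpuFreqGovernor = "ondemand";
      # Pulls CPU microcode updates into the boot image; these carry the
      # vendor's mitigations for processor vulnerabilities.
      hardware.cpu.intel.updateMicrocode = true;
      hardware.enableRedistributableFirmware = true;

      networking.hostName = "foo";
      # NOTE(review): on some NixOS releases networking.fqdn is a read-only
      # value derived from hostName and domain; confirm that this assignment
      # evaluates on the pinned nixpkgs.
      networking.fqdn = "bar";

      # Most of this is inspired by existing scripts:
      # https://github.com/nix-community/nixos-install-scripts/tree/master/hosters/hetzner-dedicated
      # Network (Hetzner uses static IP assignments, and we don't use DHCP here)
      networking.useDHCP = false;
      networking.interfaces."enp5s0".ipv4.addresses = [
        {
          address = "1.2.3.4"; # your IPv4 here
          prefixLength = 24;
        }
      ];
      networking.interfaces."enp5s0".ipv6.addresses = [
        {
          # Constructed placeholder from the IPv6 documentation range. An
          # IPv6 address may contain "::" only once, so a literal with several
          # is rejected when the interface is configured.
          address = "2001:db8::1"; # Your IPv6 here
          prefixLength = 64;
        }
      ];
      # These settings can be looked up in the running rescue system
      # if unclear
      networking.defaultGateway = "148.251.247.33";
      networking.defaultGateway6 = {
        address = "fe80::1";
        interface = "enp5s0";
      };
      networking.nameservers = [ "8.8.8.8" ];

      # Refused connections are not logged. That keeps the journal quiet but
      # removes a signal for spotting scans and misrouted clients; turn it
      # back on if your monitoring relies on those entries.
      networking.firewall.logRefusedConnections = false;

      # Root has no password on purpose. An empty hash
      # (`initialHashedPassword = ""`) lets anyone who reaches the local
      # console, including a provider KVM session, log in as root without
      # being asked for one. Access is through the SSH key below; use the
      # rescue system for recovery.

      # Key-only SSH: root may log in with a public key, and password and
      # keyboard-interactive authentication are switched off for every
      # account.
      services.openssh = {
        enable = true;
        settings = {
          PermitRootLogin = "prohibit-password";
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
        };
      };

      # Replace this with your own public key before deploying. Whoever holds
      # the matching private key gets root on the installed host; the key
      # below belongs to the example's author (a smart-card key, going by its
      # `cardno:` comment).
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXfQnzmqFQsUPwJm1sQSh2A7HH1YxO6OOOn1r2QR/PqwVIRu1rOzAC5IXPKmaIN770dLIJzQMqQoUr3ih/x+zweEyUqJTP0sIjA8l9lJNj0S6xVZ594ci/C6w9fR9uKRmXIk7r6usaqTF0Jdf02Al0tB0Lv4Aqi2b6VNPLO3LT162ZuRpcqSDIZzmQg+lkd0s1jWnJGdX5s7G959ouvID5xx7g/e31M/p4PJFvdEtmZ0YGTqju+STyOvX56GvQKRlRRYVFwwTyC1KUr0fJ31dM0DjZoIrfbeY+MBO6JXT23x6iU2sywqxmrDrRphu3raLI/Y2PhopO0q7DutAoolgV cardno:6444835"
      ];

      # Stays at the release the host was first installed from, even after
      # the nixpkgs input is bumped.
      system.stateVersion = "23.11";
    })
  ];
};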
};
}