renge2: Init

2023-12-31 12:54:51 +01:00 · 2023-12-31 12:54:51 +01:00 · 6914e9491b
parent c5f5f6a5ca
commit 6914e9491b
4 changed files with 96 additions and 0 deletions
--- a/machines/default.nix
+++ b/machines/default.nix
@ -48,6 +48,11 @@ in

    targetHost = "renge.sbruder.de";
  };
+  renge2 = {
+    system = "aarch64-linux";
+
+    targetHost = "renge2.sbruder.de";
+  };
  okarin = {
    system = "x86_64-linux";

--- a/machines/renge2/README.md
+++ b/machines/renge2/README.md
@ -0,0 +1,13 @@
+# renge
+
+## Hardware
+
+[Netcup VPS 1000 ARM G11 NUE](https://www.netcup.de/bestellen/produkt.php?produkt=3563) (6 vCPU Neoverse-N1, 8 GB RAM, 256 GiB SSD).
+
+## Purpose
+
+It will host most services that do not require large storage and benefit from high availability.
+
+## Name
+
+Renge Miyauchi is a character from *Non Non Biyori*
--- a/machines/renge2/configuration.nix
+++ b/machines/renge2/configuration.nix
@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules
+  ];
+
+  sbruder = {
+    nginx.hardening.enable = true;
+    #restic.system.enable = true;
+    #wireguard.home.enable = true;
+  };
+
+  networking.hostName = "renge";
+
+  system.stateVersion = "23.11";
+}
--- a/machines/renge2/hardware-configuration.nix
+++ b/machines/renge2/hardware-configuration.nix
@ -0,0 +1,60 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    kernelParams = [ "ip=dhcp" ];
+    initrd = {
+      availableKernelModules = [
+        "aes_neon_blk"
+        "aes_neon_bs"
+        "ahci"
+        "sr_mod"
+        "usbhid"
+        "virtio_pci"
+        "virtio_scsi"
+        "xhci_pci"
+      ];
+      network.enable = true; # remote unlocking
+      luks.devices."root".device = "/dev/disk/by-uuid/dd131862-29a2-4464-8c7c-5a3fd1bab8ff";
+    };
+    loader = {
+      grub.enable = false;
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/31412044-8ef5-4f02-bbda-55af44e344cc";
+      fsType = "btrfs";
+      options = [ "compress=zstd" "ssd" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/40F5-721A";
+      fsType = "vfat";
+    };
+  };
+
+  networking.useDHCP = false;
+  networking.usePredictableInterfaceNames = false;
+  systemd.network = {
+    enable = true;
+    networks = {
+      eth0 = {
+        name = "eth0";
+        DHCP = "yes";
+        domains = [ "sbruder.de" ];
+        address = [ "2a03:4000:6b:d2::1/64" ];
+        gateway = [ "fe80::1" ];
+      };
+    };
+  };
+
+  # no smart on qemu disk
+  services.smartd.enable = false;
+}