Initial commit

2025-08-20 18:24:02 +03:00
commit 2dec42d487
116 changed files with 6591 additions and 0 deletions
--- a/hosts/naos/caddy.nix
+++ b/hosts/naos/caddy.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  # services.caddy = {
+  #   enable = true;
+  # };
+  # networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
--- a/hosts/naos/default.nix
+++ b/hosts/naos/default.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }: {
+  nixpkgs.hostPlatform = "x86_64-linux";
+  hardware.enableRedistributableFirmware = true;
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+
+  age.secrets.naos_userasdf_password = {
+    rekeyFile = ./secrets/password.age;
+    owner = "userasdf";
+    group = "users";
+    mode = "0400";
+  };
+  
+  n.host = {
+    hardware.cpu = "intel";
+    bootloader = "sysdboot";
+
+    hostId = "553fb274";
+    users."userasdf" = lib.mkUser config.age.secrets.naos_userasdf_password.path true;
+    defaultUser = "userasdf";
+    types = [ "server" ];
+  };
+
+  imports = [
+    (lib.fs.zfs "/nix" "rpool/nix" null)
+    (lib.fs.luks "cryptroot"
+      "/dev/disk/by-partuuid/ed673238-50b1-4ebf-b6fc-4a25568917c6"
+      { allowDiscards = true; # Used if primary device is a SSD
+        preLVM = true; })
+
+    (lib.fs.tmpfs "/" "none" [ "mode=755" "size=30%" ])
+    (lib.fs.vfat "/boot" "/dev/disk/by-uuid/CDA1-7D4A" null)
+  ];
+}
--- a/hosts/naos/jellyfin.nix
+++ b/hosts/naos/jellyfin.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+  # imp.dirs = [ "/nix/persist/services/jellyfin" ];
+  # services.jellyfin = {
+  #   enable = true;
+  #   dataDir = "/nix/persist/films";
+  #   configDir = "/nix/persist/services/jellyfin/cfg";
+  #   cacheDir = "/nix/persist/services/jellyfin/cache";
+  #   logDir = "/nix/persist/services/jellyfin/log";
+  #   openFirewall = false;
+  # };
+  # environment.systemPackages = [
+  #   pkgs.jellyfin
+  #   pkgs.jellyfin-web
+  #   pkgs.jellyfin-ffmpeg
+  # ];
+}
--- a/hosts/naos/luks.nix
+++ b/hosts/naos/luks.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+  # boot.kernelParams = [ "ip=dhcp" ];
+  boot.initrd = {
+    availableKernelModules = [ "r8169" ];
+    network = {
+      enable = true;
+      udhcpc.enable = true;
+      ssh = {
+        enable = true;
+        port = 22;
+        authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEDqpSiQpbSsClh6UGb7Z2DA1Hy+EyePzTy+5hEVD/A" ];
+        hostKeys = [ "/nix/keys/identity" ];
+      };
+      postCommands = ''
+        echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+      '';
+    };
+  };
+}
--- a/hosts/naos/secrets/password.age
+++ b/hosts/naos/secrets/password.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 8IT6eg a5gQkLDKM9tbEe0ZSqRKjLz7u0iOUwaxVeetTjTkbDU
+w4V3IBC/MC7Pxn/92aTLNp24uZz623vEUa9wK5pS0wk
+-> @Mkd`z-grease ?mx2I=/d
+XDeroqJTqWJmt+aS2vLar9WtRzG3a2SlKoTwCx6s
+--- ml0i3EekhNXcxocnc5Z+RQp4t9bo8qUZRAQJeWw4soE
+7