feat: add vps host configurations

flake.nix

@@ -43,6 +43,11 @@
           specialArgs = { inherit inputs rootPath; };
           modules = [ ./hosts/wsl/configuration.nix ];
         };
+        vps = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          specialArgs = { inherit inputs rootPath; };
+          modules = [ ./hosts/vps/configuration.nix ];
+        };
       };
 
       homeConfigurations = {

home/hosts/vps.nix

@@ -0,0 +1,25 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    inputs.nixvim.homeManagerModules.nixvim
+    inputs.nixcord.homeModules.nixcord
+    inputs.nix-flatpak.homeManagerModules.nix-flatpak
+    inputs.sops-nix.homeManagerModules.sops
+
+    ../modules/cli/git.nix
+    ../modules/cli/ripgrep.nix
+    ../modules/cli/sops.nix
+    ../modules/cli/yazi.nix
+    ../modules/cli/zsh.nix
+  ];
+
+  home = {
+    username = "toast";
+    homeDirectory = "/home/toast";
+    stateVersion = "24.11";
+  };
+
+  nixpkgs.config.allowUnfree = true;
+  systemd.user.startServices = "sd-switch";
+}

hosts/vps/configuration.nix

@@ -0,0 +1,16 @@
+{ inputs, ... }:
+
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ] ++ (
+      let
+        modulesPath = ./modules;
+        moduleFiles = builtins.attrNames (builtins.readDir modulesPath);
+      in
+        map (module: modulesPath + ("/" + module)) moduleFiles
+  );
+  
+  system.stateVersion = "23.11";
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}

hosts/vps/modules/boot.nix

@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix" )];
+  boot.tmp.cleanOnBoot = true;
+  boot.loader.grub.device = "/dev/vda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+}

hosts/vps/modules/filesystem.nix

@@ -0,0 +1,4 @@
+{
+  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+  swapDevices = [ { device = "/dev/vda2"; } ];
+}

hosts/vps/modules/network.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  networking.hostName = "vps";
+  networking.domain = "";
+  networking.firewall.enable = true;
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+}

hosts/vps/modules/services/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./tailscale.nix
+    ./vaultwarden.nix
+    ./openssh.nix
+  ];
+}

hosts/vps/modules/services/openssh.nix

@@ -0,0 +1,3 @@
+{
+  services.openssh.enable = true;
+}

hosts/vps/modules/services/tailscale.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+  sops.secrets."tailscale/authkey" = { };
+
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets."tailscale/authkey".path;
+    useRoutingFeatures = "both";
+  };
+}

hosts/vps/modules/services/vaultwarden.nix

@@ -0,0 +1,9 @@
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+    };
+  };
+}

hosts/vps/modules/sops.nix

@@ -0,0 +1,8 @@
+{ rootPath, ... }:
+
+{
+  sops.defaultSopsFile = rootPath + /secrets/secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+
+  sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt";
+}

hosts/vps/modules/users.nix

@@ -0,0 +1,8 @@
+{
+  users.users.toast = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+  };
+  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+}