From d7179b75a80cb94ac017b0b9cc54ecb48d23cc02 Mon Sep 17 00:00:00 2001 From: lightly-toasted Date: Wed, 24 Sep 2025 17:47:00 +0900 Subject: [PATCH] feat: add vps host configurations --- flake.nix | 5 +++++ home/hosts/vps.nix | 25 ++++++++++++++++++++++ hosts/vps/configuration.nix | 16 ++++++++++++++ hosts/vps/modules/boot.nix | 9 ++++++++ hosts/vps/modules/filesystem.nix | 4 ++++ hosts/vps/modules/network.nix | 8 +++++++ hosts/vps/modules/services/default.nix | 7 ++++++ hosts/vps/modules/services/openssh.nix | 3 +++ hosts/vps/modules/services/tailscale.nix | 11 ++++++++++ hosts/vps/modules/services/vaultwarden.nix | 9 ++++++++ hosts/vps/modules/sops.nix | 8 +++++++ hosts/vps/modules/users.nix | 8 +++++++ 12 files changed, 113 insertions(+) create mode 100644 home/hosts/vps.nix create mode 100644 hosts/vps/configuration.nix create mode 100644 hosts/vps/modules/boot.nix create mode 100644 hosts/vps/modules/filesystem.nix create mode 100644 hosts/vps/modules/network.nix create mode 100644 hosts/vps/modules/services/default.nix create mode 100644 hosts/vps/modules/services/openssh.nix create mode 100644 hosts/vps/modules/services/tailscale.nix create mode 100644 hosts/vps/modules/services/vaultwarden.nix create mode 100644 hosts/vps/modules/sops.nix create mode 100644 hosts/vps/modules/users.nix
diff --git a/flake.nix b/flake.nix
index ce7fb0e..c2db6ec 100644
--- a/flake.nix
+++ b/flake.nix
@@ -43,6 +43,11 @@
 specialArgs = { inherit inputs rootPath; };
 modules = [ ./hosts/wsl/configuration.nix ];
 };
+ vps = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs rootPath; };
+ modules = [ ./hosts/vps/configuration.nix ];
+ };
 };
 homeConfigurations = {
diff --git a/home/hosts/vps.nix b/home/hosts/vps.nix
new file mode 100644
index 0000000..f5586a9
--- /dev/null
+++ b/home/hosts/vps.nix
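Review bot: home/hosts/vps.nix is added by this patch but the flake.nix hunk only registers `vps` under `nixosConfigurations`, and the diffstat shows flake.nix gaining exactly these five lines, so `homeConfigurations` (whose opening line is the hunk's last context line, with its body outside the hunk) does not appear to pick up the new home profile. Unless home profiles are discovered some other way, add a `vps` entry there following the shape of the existing entries, pointing at `./home/hosts/vps.nix`. A short comment on the new `vps` block noting that it is paired with `home/hosts/vps.nix` would make the coupling visible.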
@@ -0,0 +1,25 @@
+{ config, pkgs, inputs, ... }:
+
+{
+ imports = [
+ inputs.nixvim.homeManagerModules.nixvim
+ inputs.nixcord.homeModules.nixcord
+ inputs.nix-flatpak.homeManagerModules.nix-flatpak
+ inputs.sops-nix.homeManagerModules.sops
+
+ ../modules/cli/git.nix
+ ../modules/cli/ripgrep.nix
+ ../modules/cli/sops.nix
+ ../modules/cli/yazi.nix
+ ../modules/cli/zsh.nix
+ ];
+
+ home = {
+ username = "toast";
+ homeDirectory = "/home/toast";
+ stateVersion = "24.11";
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ systemd.user.startServices = "sd-switch";
+}
diff --git a/hosts/vps/configuration.nix b/hosts/vps/configuration.nix
new file mode 100644
index 0000000..14d53c4
--- /dev/null
+++ b/hosts/vps/configuration.nix
@@ -0,0 +1,16 @@
+{ inputs, ... }:
+
+{
+ imports = [
+ inputs.sops-nix.nixosModules.sops
+ ] ++ (
+ let
+ modulesPath = ./modules;
+ moduleFiles = builtins.attrNames (builtins.readDir modulesPath);
+ in
+ map (module: modulesPath + ("/" + module)) moduleFiles
+ );
+
+ system.stateVersion = "23.11";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
diff --git a/hosts/vps/modules/boot.nix b/hosts/vps/modules/boot.nix
new file mode 100644
index 0000000..d58c714
--- /dev/null
+++ b/hosts/vps/modules/boot.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix" )];
+ boot.tmp.cleanOnBoot = true;
+ boot.loader.grub.device = "/dev/vda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+}
diff --git a/hosts/vps/modules/filesystem.nix b/hosts/vps/modules/filesystem.nix
new file mode 100644
index 0000000..286d5fa
--- /dev/null
+++ b/hosts/vps/modules/filesystem.nix
@@ -0,0 +1,4 @@
+{
+ fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+ swapDevices = [ { device = "/dev/vda2"; } ];
+}
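Review bot: `inputs.nixcord.homeModules.nixcord` and `inputs.nix-flatpak.homeManagerModules.nix-flatpak` are imported, but every module listed below them lives under ../modules/cli, so on a headless VPS these two imports appear to add evaluation inputs without contributing any configuration. If they were carried over from a desktop profile, drop them; if a later change will use them, a comment saying so avoids the question. `home.stateVersion` is "24.11" while hosts/vps/configuration.nix in the same patch sets `system.stateVersion = "23.11"`; the two options are independent, so this is not a defect, but a comment confirming the mismatch is deliberate would help the next reader.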
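Review bot: The `let … in map …` expression imports every entry returned by `builtins.readDir ./modules` regardless of name or type, so any non-Nix file that lands in that directory (an editor backup, a README) becomes a module and breaks evaluation; with a flake only tracked files are visible, which hides the problem until such a file is committed. Restricting the list to directories and `.nix` files keeps the convenience and makes the contract explicit: take `lib` in the module arguments (`{ inputs, lib, ... }:`) and change the binding to `moduleFiles = builtins.attrNames (lib.filterAttrs (name: type: type == "directory" || lib.hasSuffix ".nix" name) (builtins.readDir modulesPath));`. A one-line comment above the `let` saying that directories such as `modules/services` are imported through their default.nix would also document the only non-file entry present today.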
diff --git a/hosts/vps/modules/network.nix b/hosts/vps/modules/network.nix
new file mode 100644
index 0000000..50e7906
--- /dev/null
+++ b/hosts/vps/modules/network.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hostName = "vps";
+ networking.domain = "";
+ networking.firewall.enable = true;
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+}
diff --git a/hosts/vps/modules/services/default.nix b/hosts/vps/modules/services/default.nix
new file mode 100644
index 0000000..1391e4e
--- /dev/null
+++ b/hosts/vps/modules/services/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./tailscale.nix
+ ./vaultwarden.nix
+ ./openssh.nix
+ ];
+}
diff --git a/hosts/vps/modules/services/openssh.nix b/hosts/vps/modules/services/openssh.nix
new file mode 100644
index 0000000..8f0456f
--- /dev/null
+++ b/hosts/vps/modules/services/openssh.nix
@@ -0,0 +1,3 @@
+{
+ services.openssh.enable = true;
+}
diff --git a/hosts/vps/modules/services/tailscale.nix b/hosts/vps/modules/services/tailscale.nix
new file mode 100644
index 0000000..de75634
--- /dev/null
+++ b/hosts/vps/modules/services/tailscale.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+ sops.secrets."tailscale/authkey" = { };
+
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets."tailscale/authkey".path;
+ useRoutingFeatures = "both";
+ };
+}
diff --git a/hosts/vps/modules/services/vaultwarden.nix b/hosts/vps/modules/services/vaultwarden.nix
new file mode 100644
index 0000000..04de1e1
--- /dev/null
+++ b/hosts/vps/modules/services/vaultwarden.nix
@@ -0,0 +1,9 @@
+{
+ services.vaultwarden = {
+ enable = true;
+ config = {
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ };
+ };
+}
diff --git a/hosts/vps/modules/sops.nix b/hosts/vps/modules/sops.nix
new file mode 100644
index 0000000..b125b37
--- /dev/null
+++ b/hosts/vps/modules/sops.nix
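Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1` overlaps with what hosts/vps/modules/services/tailscale.nix already asks for: with `useRoutingFeatures = "both"` the NixOS tailscale module enables IPv4 and IPv6 forwarding itself, so this line is redundant for v4 and IPv6 forwarding ends up owned by the other file. Either drop it and let tailscale.nix own forwarding, or keep it with a comment naming the other consumer it serves, so a later change to `useRoutingFeatures` does not leave the host silently forwarding. `networking.domain = ""` is also questionable: the option defaults to null and an empty string is not a meaningful domain, so remove the line unless a value is intended. The `config, pkgs` module arguments are unused here.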
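Review bot: `services.openssh.enable = true` is the whole module, so sshd runs with the NixOS defaults — notably password and keyboard-interactive authentication stay enabled — while hosts/vps/modules/users.nix provisions key-based access for both `toast` and `root`. On an internet-facing VPS that leaves password guessing against sshd open for no benefit; add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line. Once tailscale.nix is in place it is also worth deciding whether port 22 must stay open on the public interface (`services.openssh.openFirewall = false;` together with `networking.firewall.trustedInterfaces = [ "tailscale0" ];` limits it to the tailnet), but only after confirming provider console access so a mistake cannot lock the host out.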
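Review bot: `useRoutingFeatures = "both"` configures this host both to advertise routes (exit node / subnet router) and to accept advertised ones, which also relaxes `networking.firewall.checkReversePath` to "loose"; if the VPS only needs to be reachable on the tailnet, `"client"` is sufficient and keeps kernel forwarding off, and if it is meant to be an exit node a comment stating that intent belongs on this line. `sops.secrets."tailscale/authkey" = { }` relies on the sops-nix defaults (root-owned, mode 0400), which is appropriate for tailscaled running as root. A comment noting whether this is a reusable or one-off pre-auth key and when it expires would help, since a one-off key cannot re-authenticate the node once its state is lost.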
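Review bot: Binding to 127.0.0.1:8222 keeps vaultwarden off the public interface, which is the right default, but nothing in the patch puts TLS or a reverse proxy in front of it and the settings that matter once it becomes reachable (over the tailnet or a later proxy) are left at their defaults: `SIGNUPS_ALLOWED` defaults to true, so anyone who can reach the port can register, and `DOMAIN` unset breaks features that need the absolute URL (WebAuthn, e-mail links). Add `DOMAIN = "https://vault.example.invalid";` (constructed placeholder; use the real hostname) and, after the first account exists, `SIGNUPS_ALLOWED = false;` to the config block. `services.vaultwarden.backupDir` is also unset, so the SQLite database is not backed up by the module; if backups are handled elsewhere, a comment saying where would help.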
@@ -0,0 +1,8 @@
+{ rootPath, ... }:
+
+{
+ sops.defaultSopsFile = rootPath + /secrets/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt";
+}
diff --git a/hosts/vps/modules/users.nix b/hosts/vps/modules/users.nix
new file mode 100644
index 0000000..caa5915
--- /dev/null
+++ b/hosts/vps/modules/users.nix
@@ -0,0 +1,8 @@
+{
+ users.users.toast = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+ };
+ users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyVXtny3ca64wdJAwcUro+U4sY4r6v97ypIXdedOuhc toast@nixos'' ];
+}
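Review bot: `sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt"` points the system-level sops-nix, which decrypts secrets as root during activation, at a file inside a user's home directory: on a fresh install, or whenever that home directory is not yet present, activation fails, and the key that unlocks the host's secrets is only as protected as that user account. The usual shape for the NixOS side is a root-owned key outside any home, e.g. `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or the host SSH key via `sops.age.sshKeyPaths` (which defaults to the host ed25519 key when openssh is enabled) with that host's age recipient added to secrets.yaml; the home-manager sops module imported in home/hosts/vps.nix can keep the per-user path. No `.sops.yaml` creation-rule change for the new host is in this patch, so either the recipient already exists or that needs a follow-up; a comment here naming the recipient would make it auditable.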
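Review bot: The same ssh-ed25519 key is installed for `toast` (wheel) and for `root`, so direct root login over SSH is accepted under the default `PermitRootLogin = "prohibit-password"` even though `toast` can already escalate through wheel. Unless root SSH is needed for remote deployment (e.g. `nixos-rebuild --target-host`), drop the `users.users.root.openssh.authorizedKeys.keys` line and set `services.openssh.settings.PermitRootLogin = "no";` in hosts/vps/modules/services/openssh.nix, so there is one named path to root and sudo logs carry the user; if it is needed, a comment saying why belongs on that line. No `hashedPassword`/`hashedPasswordFile` is declared for `toast`, so with the default `security.sudo.wheelNeedsPassword = true` sudo is unusable until a password is set imperatively on the box — if that is intended, say so in a comment; otherwise provide one via sops (`hashedPasswordFile` pointing at a secret declared with `neededForUsers = true`) rather than relaxing `wheelNeedsPassword`.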