From 6413bbefba7ad19686350ba2b3d3dcc393fe15ad Mon Sep 17 00:00:00 2001 From: Jan Kremer Date: Wed, 25 Mar 2026 16:52:29 +0100 Subject: [PATCH] Add nimbus Oracle Cloud --- flake.nix | 8 ++ hosts/galanthus/configuration.nix | 12 ++- hosts/nimbus/configuration.nix | 108 ++++++++++++++++++++++++ hosts/nimbus/hardware-configuration.nix | 51 +++++++++++ modules/nixos/tailscale.nix | 2 - 5 files changed, 178 insertions(+), 3 deletions(-) create mode 100644 hosts/nimbus/configuration.nix create mode 100644 hosts/nimbus/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b57d195..0e188f3 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,14 @@ modules = [ ./hosts/galanthus/configuration.nix ]; }; + nixosConfigurations.nimbus = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ ./hosts/nimbus/configuration.nix ]; + }; + formatter.aarch64-darwin = nixpkgs.legacyPackages.aarch64-darwin.nixfmt-tree; }; } diff --git a/hosts/galanthus/configuration.nix b/hosts/galanthus/configuration.nix index b2ca8f2..bd955ed 100644 --- a/hosts/galanthus/configuration.nix +++ b/hosts/galanthus/configuration.nix @@ -56,10 +56,20 @@ "render" "video" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE jan@malus" + ]; }; services = { - openssh.enable = true; + openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; # Root-Login sperren + PasswordAuthentication = false; # Nur SSH-Keys + }; + }; + tailscale.extraUpFlags = [ "--ssh" ]; }; programs = { diff --git a/hosts/nimbus/configuration.nix b/hosts/nimbus/configuration.nix new file mode 100644 index 0000000..d032692 --- /dev/null +++ b/hosts/nimbus/configuration.nix 
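Review bot: The new `openssh.settings` block in hosts/galanthus/configuration.nix turns off `PasswordAuthentication` but leaves `KbdInteractiveAuthentication` unset, and the NixOS module enables it by default, so sshd can still offer a PAM password prompt and the `# Nur SSH-Keys` comment is not fully enforced; add `KbdInteractiveAuthentication = false;` next to it. The identical block in the hosts/nimbus/configuration.nix hunk needs the same line. Separately, `tailscale.extraUpFlags = [ "--ssh" ]` turns on Tailscale SSH, which is authorised by the tailnet ACL policy and not by these sshd settings, so `PermitRootLogin = "no"` does not limit root sessions that arrive over the tailnet. The enclosing `users.users` and `services` blocks start outside the hunk.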
@@ -0,0 +1,108 @@
+{
+ inputs,
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+{
+ imports = [
+ inputs.agenix.nixosModules.default
+ ./hardware-configuration.nix
+ ../../modules/nixos/tailscale.nix
+ ];
+
+ # Workaround for https://github.com/NixOS/nix/issues/8502
+ services.logrotate.checkConfig = false;
+
+ boot = {
+ tmp.cleanOnBoot = true;
+ };
+
+ zramSwap.enable = true;
+
+ security.sudo.extraConfig = ''
+ Defaults lecture = never
+ Defaults pwfeedback
+ Defaults env_keep += "DISPLAY EDITOR PATH"
+ '';
+
+ networking = {
+ hostName = "nimbus";
+ networkmanager.enable = true;
+ domain = "subnet03200816.vcn03200816.oraclevcn.com";
+ };
+
+ nix = {
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ trusted-users = [ "jan" ];
+ };
+ };
+
+ users.users.jan = {
+ isNormalUser = true;
+ description = "Jan Kremer";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE jan@malus"
+ ];
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no"; # Root-Login sperren
+ PasswordAuthentication = false; # Nur SSH-Keys
+ };
+ };
+ };
+
+ programs = {
+ git = {
+ enable = true;
+ lfs = {
+ enable = true;
+ enablePureSSHTransfer = true;
+ };
+ };
+
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ nh = {
+ enable = true;
+ clean = {
+ enable = true;
+ extraArgs = "--keep-since 7d --keep 3";
+ };
+ flake = "${config.users.users.jan.home}/.config/nix";
+ };
+ };
+
+ # environment.systemPackages = with pkgs; [
+ # helix
+ # claude-code
+ # ];
+
+ nixpkgs.config.allowUnfreePredicate =
+ pkg:
+ builtins.elem (lib.getName pkg) [
+ "claude-code"
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ system.stateVersion = "23.11"; # Don't change!
+}
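Review bot: `trusted-users = [ "jan" ];` in the `nix.settings` block makes the SSH login account root-equivalent towards the Nix daemon, because trusted users may override daemon settings such as substituters and import unsigned store paths. In the visible config `jan` is the only account with an authorized key, so a stolen key or a compromised session gains that power without ever passing the sudo password prompt. If nothing depends on it, drop the line; if it is there for remote deployment, record that in a comment such as `# needed for nixos-rebuild --target-host; jan is root-equivalent to the nix daemon`.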
diff --git a/hosts/nimbus/hardware-configuration.nix b/hosts/nimbus/hardware-configuration.nix
new file mode 100644
index 0000000..62605f3
--- /dev/null
+++ b/hosts/nimbus/hardware-configuration.nix
@@ -0,0 +1,51 @@
+{
+ lib,
+ modulesPath,
+ ...
+}:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.loader = {
+ efi.efiSysMountPoint = "/boot/efi";
+ grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ };
+
+ boot.initrd = {
+ availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "xen_blkfront"
+ "vmw_pvscsi"
+ ];
+ kernelModules = [ "nvme" ];
+ };
+
+ fileSystems = {
+ "/boot/efi" = {
+ device = "/dev/disk/by-uuid/349C-BCCC";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/mapper/ocivolume-root";
+ fsType = "xfs";
+ };
+ };
+
+ # fileSystems.swapDevices = [
+ # {
+ # device = "/swapfile";
+ # size = 1024; # 1GB
+ # }
+ # ];
+
+ # networking = {
+ # useDHCP = lib.mkDefault true;
+ # };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
index 90c63b2..544a9a0 100644
--- a/modules/nixos/tailscale.nix
+++ b/modules/nixos/tailscale.nix
@@ -3,8 +3,6 @@
 services.tailscale = {
 enable = true;
 useRoutingFeatures = "both";
- extraUpFlags = [ "--ssh" ];
-
 # serve = {
 # enable = true;
 # services = {