starhaven.dev / infra
nixos server configurations
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

init kuribo

bates64.com 9bec9006

+156
+27
flake.lock
··· 1 + { 2 + "nodes": { 3 + "nixpkgs": { 4 + "locked": { 5 + "lastModified": 1764517877, 6 + "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", 7 + "owner": "NixOS", 8 + "repo": "nixpkgs", 9 + "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", 10 + "type": "github" 11 + }, 12 + "original": { 13 + "owner": "NixOS", 14 + "ref": "nixos-unstable", 15 + "repo": "nixpkgs", 16 + "type": "github" 17 + } 18 + }, 19 + "root": { 20 + "inputs": { 21 + "nixpkgs": "nixpkgs" 22 + } 23 + } 24 + }, 25 + "root": "root", 26 + "version": 7 27 + }
+20
flake.nix
··· 1 + { 2 + description = "bates64"; 3 + 4 + inputs = { 5 + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; 6 + }; 7 + 8 + outputs = 9 + inputs@{ nixpkgs, ... }: 10 + { 11 + nixosConfigurations = { 12 + kuribo = nixpkgs.lib.nixosSystem { 13 + system = "aarch64-linux"; 14 + modules = [ 15 + ./servers/kuribo/configuration.nix 16 + ]; 17 + }; 18 + }; 19 + }; 20 + }
+14
modules/auto-upgrade.nix
··· 1 + { 2 + system.autoUpgrade = { 3 + enable = false; # TODO 4 + flake = "git+https://tangled.org/starhaven.dev/infra"; # TODO 5 + flags = [ 6 + "-L" # print build logs 7 + ]; 8 + allowReboot = true; 9 + rebootWindow = { 10 + lower = "03:00"; 11 + upper = "06:00"; 12 + }; 13 + }; 14 + }
+13
modules/gc.nix
··· 1 + { 2 + nix.gc = { 3 + automatic = true; 4 + dates = "weekly"; 5 + options = "--delete-older-than 30d -d"; 6 + }; 7 + nix.extraOptions = '' 8 + min-free = ${toString (100 * 1024 * 1024)} 9 + max-free = ${toString (1024 * 1024 * 1024)} 10 + ''; 11 + nix.optimise.automatic = true; 12 + nix.optimise.dates = [ "06:00" ]; 13 + }
+42
modules/hetzner-aarch64.nix
··· 1 + # Hardware configuration for Hetzner Ampere VMs 2 + { 3 + lib, 4 + modulesPath, 5 + ... 6 + }: 7 + { 8 + imports = [ 9 + (modulesPath + "/profiles/qemu-guest.nix") 10 + ]; 11 + networking.useDHCP = lib.mkDefault true; 12 + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; 13 + boot.initrd.availableKernelModules = [ 14 + "ata_piix" 15 + "uhci_hcd" 16 + "xen_blkfront" 17 + ]; 18 + boot.initrd.kernelModules = [ 19 + "nvme" 20 + #"virtio_gpu" 21 + ]; 22 + boot.kernelParams = [ "console=tty" ]; 23 + boot.loader.grub = { 24 + enable = true; 25 + efiSupport = true; 26 + efiInstallAsRemovable = true; 27 + device = "nodev"; 28 + }; 29 + 30 + # Filesystems made by nixos-infect(?) 31 + fileSystems."/boot" = { 32 + device = "/dev/sda15"; 33 + fsType = "vfat"; 34 + }; 35 + fileSystems."/" = { 36 + device = "/dev/sda1"; 37 + fsType = "ext4"; 38 + }; 39 + 40 + boot.tmp.cleanOnBoot = true; 41 + zramSwap.enable = true; 42 + }
+30
servers/kuribo/configuration.nix
··· 1 + { 2 + imports = [ 3 + ../../modules/hetzner-aarch64.nix 4 + ../../modules/auto-upgrade.nix 5 + ../../modules/gc.nix 6 + ../../users/users.nix 7 + ]; 8 + 9 + networking.hostName = "kuribo"; 10 + 11 + nix.extraOptions = '' 12 + experimental-features = nix-command flakes 13 + ''; 14 + 15 + services.openssh = { 16 + enable = true; 17 + settings = { 18 + PasswordAuthentication = false; 19 + PermitRootLogin = "no"; 20 + }; 21 + }; 22 + services.fail2ban.enable = true; 23 + 24 + programs.neovim = { 25 + enable = true; 26 + defaultEditor = true; 27 + }; 28 + 29 + system.stateVersion = "25.11"; 30 + }
+1
users/bates64.pub
··· 1 + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsDTVCIkcFjkaDm5RoWG1uSNJBanUWGmoKHIRHvSsQq alex@bates64.com
+9
users/users.nix
··· 1 + { 2 + users.users = { 3 + bates64 = { 4 + isNormalUser = true; 5 + extraGroups = [ "wheel" ]; 6 + openssh.authorizedKeys.keyFiles = [ ./bates64.pub ]; 7 + }; 8 + }; 9 + }