Added stargate server

2025-09-17 21:29:09 +02:00 · 2025-09-17 21:29:09 +02:00 · ba8ee5e161
commit ba8ee5e161
parent fbac93723b
8 changed files with 152 additions and 31 deletions
--- a/systems/x86_64-linux/stargate/default.nix
+++ b/systems/x86_64-linux/stargate/default.nix
@ -0,0 +1,35 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+  facter.reportPath = ./facter.json;
+  imports = lib.snowfall.fs.get-nix-files ./.;
+  systemd.network.wait-online.enable = lib.mkForce false; #facter
+
+  custom.presets.disko.impermanenceBtrfsLuks = {
+    enable = true;
+    swapSize = 16;
+  };
+  custom.hardware.secureBoot = enabled;
+  custom.impermanence = enabled;
+
+  custom.users.kylekrein = {
+    enable = true;
+    config = {};
+  };
+  networking.firewall.allowedTCPPorts = [80 443 22];
+  # ======================== DO NOT CHANGE THIS ========================
+  system.stateVersion = "25.05";
+  # ======================== DO NOT CHANGE THIS ========================
+}
--- a/systems/x86_64-linux/stargate/disko.nix
+++ b/systems/x86_64-linux/stargate/disko.nix
@ -0,0 +1,70 @@
+{lib, ...}: let
+  addHdd = device: name: {
+    type = "disk";
+    inherit device;
+    content = {
+      type = "gpt";
+      partitions = {
+        luks = {
+          size = "100%";
+          label = "luks";
+          content = {
+            type = "luks";
+            inherit name;
+            extraOpenArgs = [
+              "--allow-discards"
+              "--perf-no_read_workqueue"
+              "--perf-no_write_workqueue"
+            ];
+            # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
+            settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+            content = {
+              type = "zfs";
+              pool = "zstorage";
+            };
+          };
+        };
+      };
+    };
+  };
+in {
+  disko.devices = {
+    disk = {
+      hdd1 = addHdd "/dev/sda" "crypt-hdd1";
+      hdd2 = addHdd "/dev/sdb" "crypt-hdd2";
+      hdd3 = addHdd "/dev/sdc" "crypt-hdd3";
+      hdd4 = addHdd "/dev/sdd" "crypt-hdd4";
+    };
+    zpool = {
+      zstorage = {
+        type = "zpool";
+        mode = "raidz2";
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "zstd";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };
+        options.ashift = "12";
+        datasets = {
+          "services" = {
+            type = "zfs_fs";
+            mountpoint = "/var/lib";
+            options."com.sun:auto-snapshot" = "true";
+          };
+          "backups" = {
+            type = "zfs_fs";
+            mountpoint = "/backups";
+            options."com.sun:auto-snapshot" = "true";
+          };
+          "media" = {
+            type = "zfs_fs";
+            mountpoint = "/media";
+            options."com.sun:auto-snapshot" = "true";
+          };
+        };
+      };
+    };
+  };
+}
--- a/systems/x86_64-linux/stargate/services/default.nix
+++ b/systems/x86_64-linux/stargate/services/default.nix
@ -0,0 +1,16 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+}