diff --git a/flake.lock b/flake.lock
index c7a0febf..2c8d824c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
{
"nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1732645828,
+ "narHash": "sha256-+4U2I2653JvPFxcux837ulwYS864QvEueIljUkwytsk=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "869ba3a87486289a4197b52a6c9e7222edf00b3e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -71,6 +91,7 @@
},
"root": {
"inputs": {
+ "disko": "disko",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index b897f6dc..c2323f6c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,12 +5,18 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+ disko = {
+ inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/disko";
+ };
+
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-2405.url = "github:nixos/nixpkgs/nixos-24.05";
};
outputs =
{
+ disko,
home-manager,
nixpkgs,
self,
@@ -62,6 +68,15 @@
modules = [ ./nix/hosts/lemp11 ];
};
+
+ hetznix = nixpkgs.lib.nixosSystem {
+ inherit system;
+
+ modules = [
+ disko.nixosModules.disko
+ ./nix/hosts/hetznix/configuration.nix
+ ];
+ };
};
homeConfigurations = {
diff --git a/nix/hosts/hetznix/configuration.nix b/nix/hosts/hetznix/configuration.nix
new file mode 100644
index 00000000..82fe7e04
--- /dev/null
+++ b/nix/hosts/hetznix/configuration.nix
@@ -0,0 +1,47 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+
+ ./disks.nix
+ ./hardware-configuration.nix
+
+ ./modules/2020.oliverdavies.uk.nix
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "oliver@oliverdavies.uk";
+ };
+
+ services.nginx.enable = true;
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ services.openssh.enable = true;
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw== opdavies@lemp11"
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/nix/hosts/hetznix/disks.nix b/nix/hosts/hetznix/disks.nix
new file mode 100644
index 00000000..d380ab8e
--- /dev/null
+++ b/nix/hosts/hetznix/disks.nix
@@ -0,0 +1,57 @@
+{ lib, ... }:
+
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nix/hosts/hetznix/hardware-configuration.nix b/nix/hosts/hetznix/hardware-configuration.nix
new file mode 100644
index 00000000..80b8228b
--- /dev/null
+++ b/nix/hosts/hetznix/hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nix/hosts/hetznix/modules/2020.oliverdavies.uk.nix b/nix/hosts/hetznix/modules/2020.oliverdavies.uk.nix
new file mode 100644
index 00000000..76db6e96
--- /dev/null
+++ b/nix/hosts/hetznix/modules/2020.oliverdavies.uk.nix
@@ -0,0 +1,10 @@
+{
+ services.nginx.virtualHosts."2020.oliverdavies.uk" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/var/www/vhosts/2020.oliverdavies.uk";
+ extraConfig = ''
+ add_header X-Robots-Tag "noindex, nofollow";
+ '';
+ };
+}