Add configuration for dirae.org

systems/dirae.nix

@@ -0,0 +1,54 @@
+{ ... }:
+
+{
+    imports = [
+        ./common.nix
+        ./hardware/dirae.nix
+#        ./persist/dirae.nix
+        ../sets/meta/sysadmin.nix
+	    ../packages/vim/package.nix
+        ../packages/sshd/package.nix
+        ../packages/mailserver/package.nix
+        ../packages/nginx/dirae.nix
+        ../packages/gitlab/package.nix
+        ../packages/synapse/package.nix
+    ];
+
+    boot = {
+        loader = {
+            grub = {
+                enable = true;
+                device = "/dev/vda";
+            };
+        };
+
+        kernel = {
+            sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
+        };
+    };
+
+    networking = {
+        hostName = "dirae";
+        enableIPv6 = false;
+        hostId = "149e5b5c";
+        interfaces = {
+            enp6s18.ipv4.addresses = [{
+                address = "91.210.224.148";
+                prefixLength = 24;
+            }];
+        };
+        nameservers = [ "1.1.1.1" "8.8.8.8" ];
+        defaultGateway = "91.210.224.1";
+        firewall = {
+            enable = true;
+        };
+    };
+
+    time.timeZone = "Europe/Berlin";
+
+    # To not mess up SSH sessions from weird terminals
+    environment.sessionVariables = {
+        TERM = "xterm";
+    };
+}
+

systems/hardware/dirae.nix

@@ -0,0 +1,44 @@
+{ lib, modulesPath, ... }:
+
+{
+    imports = [ 
+        (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+    boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = [ "kvm-intel" ];
+    boot.extraModulePackages = [ ];
+    boot.zfs.devNodes = "/dev/disk/by-path";
+
+    # Will enable this later when everything is stable
+#    boot.initrd.postDeviceCommands = lib.mkAfter ''
+#        zfs rollback -r local/root@blank
+#    '';
+
+    fileSystems."/" = { 
+        device = "local/root";
+        fsType = "zfs";
+    };
+
+    fileSystems."/boot" = { 
+        device = "/dev/disk/by-uuid/B33B-0EBE";
+        fsType = "vfat";
+    };
+
+    fileSystems."/nix" = {
+        device = "local/nix";
+        fsType = "zfs";
+    };
+
+    swapDevices = [ ];
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+    # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

systems/homeserver.nix

@@ -4,7 +4,7 @@
     imports = [
         ./common.nix
         ./hardware/homeserver.nix
-        ./persist/homeserver.nix
+        ./persist/common.nix
         ../sets/meta/sysadmin.nix
         ../packages/vim/package.nix
         ../packages/nginx/homeserver.nix
@@ -53,7 +53,7 @@
     console.keyMap = "uk";
 
     # To not mess up SSH sessions from weird terminals
-    environment.sessionVariables = rec {
+    environment.sessionVariables = {
         TERM = "xterm";
     };
 }

systems/persist/common.nix

@@ -5,7 +5,7 @@
         impermanence.nixosModules.impermanence
     ];
 
-    environment.persistence."/nix/persist/common" = {
+    environment.persistence."/nix/persist" = {
         directories = [
             "/etc/ssh"
             "/var/lib"

systems/persist/dirae.nix

@@ -0,0 +1,33 @@
+{ impermanence, ... }:
+
+{
+    imports = [
+        impermanence.nixosModules.impermanence
+    ];
+
+    environment.persistence."/nix/persist" = {
+        hideMounts = true;
+        directories = [
+            "/var/spool"
+            { directory = "/var/dkim"; user = "opendkim"; 
+              group = "opendkim"; mode = "u=rwx,g=rx,o=rx"; }
+            { directory = "/var/sieve"; user = "virtualMail"; 
+              group = "virtualMail"; mode = "u=rwx,g=rwx,o="; }
+            { directory = "/var/vmail"; user = "virtualMail"; 
+              group = "virtualMail"; mode = "u=rwx,g=rws,o="; }
+            "/etc/dovecot"
+            "/etc/pki"
+            "/etc/ssh"
+            { directory = "/var/lib/acme"; user = "acme"; 
+              group = "acme"; mode = "u=rwx,g=rx,o=rx"; }
+            { directory = "/var/lib/opendkim"; user = "opendkim"; 
+              group = "opendkim"; mode = "u=rwx,g=,o="; }
+            "/var/lib/postfix"
+            "/var/log"
+        ];
+        
+        files = [
+            "/etc/machine-id"
+        ];
+    };
+}

systems/persist/homeserver.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-    imports = [
-        ./common.nix
-    ];
-}

systems/persist/qemu-vm.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-    imports = [
-        ./common.nix
-    ];
-}

systems/qemu-vm.nix

@@ -6,7 +6,7 @@
         ../sets/meta/sysadmin.nix
         ../packages/vim/package.nix
         ./common.nix
-        ./persist/qemu-vm.nix
+        ./persist/common.nix
     ];
 
     boot.loader.grub.enable = true;