add riko

2021-05-21 14:11:53 -04:00 · 2021-05-21 14:11:53 -04:00 · 64a3828efe
commit 64a3828efe
parent 7facff578b
3 changed files with 108 additions and 0 deletions
--- a/machines/riko/configuration.nix
+++ b/machines/riko/configuration.nix
@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports =[
+    ./hardware-configuration.nix
+    ../../common/common.nix
+  ];
+
+  # rzv5fm2vrmnbmffe3bgh2kxdpa66jwdjw57wallgw4j4q64kaknb55id.onion
+
+  nix.flakes.enable = true;
+
+  bios = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  luks = {
+    enable = true;
+    device.path = "/dev/disk/by-uuid/e57ac752-bd99-421f-a3b9-0cfa9608a54e";
+  };
+
+  networking.hostName = "riko";
+
+  networking.interfaces.ens3.useDHCP = true;
+
+  security.acme.acceptTerms = true;
+  security.acme.email = "letsencrypt+5@tar.ninja";
+
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."riko.neet.dev" = {
+    enableACME = true;
+    forceSSL = true;
+  };
+}
--- a/machines/riko/hardware-configuration.nix
+++ b/machines/riko/hardware-configuration.nix
@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/mapper/vg-root";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/mapper/vg-root";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/e65c8351-d869-456a-bade-0c23e483570f";
+      fsType = "ext3";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/43dd30f1-f428-4b67-a1ce-5c7c336428c4"; }
+    ];
+
+}
--- a/new_machine.txt
+++ b/new_machine.txt
@ -0,0 +1,36 @@
+nix-shell -p nixFlakes git
+cfdisk
+mkfs.ext3 boot
+cryptsetup luksFormat /dev/vda2
+cryptsetup luksOpen /dev/vda2 enc-pv
+pvcreate /dev/mapper/enc-pv
+lvcreate -L 4G -n swap vg
+lvcreate -l '100%FREE' -n root vg
+mkswap -L swap /dev/vg/swap
+swapon /dev/vg/swap
+mkfs.btrfs /dev/vg/root
+mount /dev/vg/root /mnt
+cd /mnt
+btrfs subvolume create root
+btrfs subvolume create home
+cd
+mount -o subvol=root /dev/vg/root /mnt
+mkdir /mnt/home
+mount -o subvol=home /dev/vg/root /mnt/home
+mkdir /mnt/boot
+mount /dev/vda1 /mnt/boot
+mkdir /mnt/secret
+
+/tmp/tor.rc
+```
+DataDirectory /tmp/my-dummy.tor/
+SOCKSPort 127.0.0.1:10050 IsolateDestAddr
+SOCKSPort 127.0.0.1:10063
+HiddenServiceDir /mnt/secret/onion
+HiddenServicePort 1234 127.0.0.1:1234
+```
+
+nix-shell -p tor --run "tor -f /tmp/tor.rc"
+ssh-keygen -q -N "" -t rsa -b 4096 -f /mnt/secret/ssh_host_rsa_key
+ssh-keygen -q -N "" -t ed25519 -f /mnt/secret/ssh_host_ed25519_key
+nixos-generate-config --root /mnt # copy hardware config