diff --git a/machines/riko/configuration.nix b/machines/riko/configuration.nix
new file mode 100644
index 0000000..96f4847
--- /dev/null
+++ b/machines/riko/configuration.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =[
+ ./hardware-configuration.nix
+ ../../common/common.nix
+ ];
+
+ # rzv5fm2vrmnbmffe3bgh2kxdpa66jwdjw57wallgw4j4q64kaknb55id.onion
+
+ nix.flakes.enable = true;
+
+ bios = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ luks = {
+ enable = true;
+ device.path = "/dev/disk/by-uuid/e57ac752-bd99-421f-a3b9-0cfa9608a54e";
+ };
+
+ networking.hostName = "riko";
+
+ networking.interfaces.ens3.useDHCP = true;
+
+ security.acme.acceptTerms = true;
+ security.acme.email = "letsencrypt+5@tar.ninja";
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."riko.neet.dev" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+}
diff --git a/machines/riko/hardware-configuration.nix b/machines/riko/hardware-configuration.nix
new file mode 100644
index 0000000..fb1ea76
--- /dev/null
+++ b/machines/riko/hardware-configuration.nix
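Review bot: The bare `.onion` address in the comment near the top of machines/riko/configuration.nix has no explanation and becomes a permanent part of the repository history, so anyone who can read the repo learns this host's hidden-service endpoint. If it belongs to the service whose key new_machine.txt creates under `/mnt/secret/onion` (inferred, not shown here), that endpoint must not depend on the address staying unknown. I would either drop the line or label it, e.g. `# Tor hidden-service address of this host; treat as public once committed`. Separately, nothing in this file opens TCP 80/443, so unless `../../common/common.nix` does, the `enableACME` challenge for `riko.neet.dev` will likely fail behind the default firewall; `networking.firewall.allowedTCPPorts = [ 80 443 ];` would make that explicit.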
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/mapper/vg-root"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/home" = + { device = "/dev/mapper/vg-root"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/e65c8351-d869-456a-bade-0c23e483570f"; + fsType = "ext3"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/43dd30f1-f428-4b67-a1ce-5c7c336428c4"; } + ]; + +}
\ No newline at end of file
diff --git a/new_machine.txt b/new_machine.txt
new file mode 100644
index 0000000..28052e0
--- /dev/null
+++ b/new_machine.txt
@@ -0,0 +1,36 @@
+nix-shell -p nixFlakes git
+cfdisk
+mkfs.ext3 boot
+cryptsetup luksFormat /dev/vda2
+cryptsetup luksOpen /dev/vda2 enc-pv
+pvcreate /dev/mapper/enc-pv
+lvcreate -L 4G -n swap vg
+lvcreate -l '100%FREE' -n root vg
+mkswap -L swap /dev/vg/swap
+swapon /dev/vg/swap
+mkfs.btrfs /dev/vg/root
+mount /dev/vg/root /mnt
+cd /mnt
+btrfs subvolume create root
+btrfs subvolume create home
+cd
+mount -o subvol=root /dev/vg/root /mnt
+mkdir /mnt/home
+mount -o subvol=home /dev/vg/root /mnt/home
+mkdir /mnt/boot
+mount /dev/vda1 /mnt/boot
+mkdir /mnt/secret
+
+/tmp/tor.rc
+```
+DataDirectory /tmp/my-dummy.tor/
+SOCKSPort 127.0.0.1:10050 IsolateDestAddr
+SOCKSPort 127.0.0.1:10063
+HiddenServiceDir /mnt/secret/onion
+HiddenServicePort 1234 127.0.0.1:1234
+```
+
+nix-shell -p tor --run "tor -f /tmp/tor.rc"
+ssh-keygen -q -N "" -t rsa -b 4096 -f /mnt/secret/ssh_host_rsa_key
+ssh-keygen -q -N "" -t ed25519 -f /mnt/secret/ssh_host_ed25519_key
+nixos-generate-config --root /mnt # copy hardware config
\ No newline at end of file
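Review bot: The LVM steps in new_machine.txt never create the volume group: `pvcreate /dev/mapper/enc-pv` is followed directly by `lvcreate ... vg`, which fails because no VG named `vg` exists yet, so add `vgcreate vg /dev/mapper/enc-pv` between them. `mkfs.ext3 boot` likewise names no device, while the later mount uses `/dev/vda1`, so it should read `mkfs.ext3 /dev/vda1`. Because `/mnt/secret` receives the SSH host private keys and the onion service key, I would create it owner-only with `install -d -m 0700 /mnt/secret` rather than a plain `mkdir`.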