init htz

2024-01-27 14:28:21 -06:00 · 2024-01-27 14:28:21 -06:00 · 441d9785c9
commit 441d9785c9
parent d12c6ef0f3
12 changed files with 744 additions and 40 deletions
--- a/nixos/htz/configuration.nix
+++ b/nixos/htz/configuration.nix
@ -0,0 +1,40 @@
+{ pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./vms.nix
+    #./eth.nix
+  ];
+  environment.systemPackages = with pkgs; [
+    nfs-utils
+    vim
+  ];
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = false;
+  networking.hostName = "htz";
+  networking.domain = "";
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [22];
+    allowedUDPPorts = [];
+    logRefusedConnections = true;
+  };
+  services.openssh.enable = true;
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
+    };
+    e = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      home = "/home/e";
+      packages = with pkgs; [
+        vim
+        htop
+        tree
+      ];
+      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
+    };
+  };
+  security.sudo.wheelNeedsPassword = false;
+  nix.settings.trusted-users = ["e"];
+}
--- a/nixos/htz/eth.nix
+++ b/nixos/htz/eth.nix
@ -0,0 +1,71 @@
+{ system, ethereum-nix, ...}: {
+  services.ethereum.geth.mainnet = {
+    enable = true;
+    package = ethereum-nix.packages.${system}.geth;
+    openFirewall = true;
+    args = {
+      http = {
+        enable = false;
+        api = ["net" "web3" "eth"];
+      };
+      authrpc.jwtsecret = "/etc/nixos/eth_jwt";
+    };
+  };
+  services.nginx.enable = true;
+    services.nginx.virtualHosts."contabo.10110110.xyz" = {
+      addSSL = true;
+      enableACME = true;
+      root = "/var/www/fam";
+    };
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "cjriddz@protonmail.com";
+    };
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [80 443];
+    allowedUDPPorts = [];
+    logRefusedConnections = true;
+  };
+  services.ethereum.nimbus-beacon.mainnet = {
+    enable = true;
+    package = ethereum-nix.packages.${system}.nimbus;
+    openFirewall = true;
+    args = {
+      nat = "any";
+      network = "mainnet";
+      jwt-secret = "/etc/nixos/eth_jwt";
+      trusted-node-url = "https://sync.invis.tools";
+      el = ["http://127.0.0.1:8551"];
+      listen-address = "0.0.0.0";
+      tcp-port = 9000;
+      udp-port = 9000;
+      enr-auto-update = true;
+      max-peers = "160";
+      doppelganger-detection = true;
+      history = "prune";
+      graffiti = "yo";
+      metrics = {
+          enable = true;
+          port = 5054;
+          address = "127.0.0.1";
+      };
+      rest = {
+          enable = true;
+          port = 5052;
+          address = "0.0.0.0";
+          allow-origin = "*";
+      };
+      payload-builder = {
+        enable = true;
+        url = "http://localhost";
+      };
+      light-client-data = {
+          serve = true;
+          import-mode = "only-new";
+          max-periods = "3";
+      };
+    };
+  };
+
+}
--- a/nixos/htz/hardware-configuration.nix
+++ b/nixos/htz/hardware-configuration.nix
@ -0,0 +1,63 @@
+{ modulesPath, lib, ... }:
+{
+  system.stateVersion = "23.11"; 
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  boot = {
+    loader.grub = {
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+      device = "nodev";
+    };
+    initrd.availableKernelModules = [
+      "ata_piix"
+        "uhci_hcd"
+        "xen_blkfront"
+        "vmw_pvscsi"
+    ];
+    initrd.kernelModules = [ "nvme" ];
+  };
+  fileSystems = {
+    "/boot" = {
+      device = "/dev/disk/by-uuid/5679-B4CD";
+      fsType = "vfat";
+    };
+    "/" = {
+      device = "/dev/mapper/ssd1-root";
+      fsType = "ext4";
+    };
+  };
+  swapDevices = [{
+    device = "/dev/dm-1";
+  }];
+  networking.useNetworkd = true;
+  networking.nat = {
+    enable = true;
+    externalInterface = "enp0s31f6";
+    internalInterfaces = [ "microvm" ];
+  };
+  systemd.network = {
+    enable = true;
+    netdevs = {
+      "10-microvm".netdevConfig = {
+        Kind = "bridge";
+        Name = "microvm";
+      };
+    };
+    networks = {
+      "10-microvm" = {
+        matchConfig.Name = "microvm";
+        networkConfig = {
+          DHCPServer = true;
+        };
+        addresses = [ {
+          addressConfig.Address = "10.0.0.1/24";
+        }];
+      };
+      "11-microvm" = {
+        matchConfig.Name = "vm-*";
+        networkConfig.Bridge = "microvm";
+      };
+    };
+  };
+}
--- a/nixos/htz/vms.nix
+++ b/nixos/htz/vms.nix
@ -0,0 +1,15 @@
+{ ... }: {
+  microvm.vms = {
+    vm-test = {
+      config = {
+        microvm.shares = [{
+          source = "/nix/store";
+          mountPoint = "/nix/.ro-store";
+          tag = "ro-store";
+          proto = "virtiofs";
+        }];
+        system.stateVersion = "23.11"; 
+      };
+    };
+  };
+}