diff --git a/packages/hosts/default.nix b/packages/hosts/default.nix
index 6bcba04..79a46ce 100644
--- a/packages/hosts/default.nix
+++ b/packages/hosts/default.nix
@@ -11,5 +11,8 @@ in
 router = stableHost ./router.nix { };
 bigtower = stableHost ./bigtower.nix { };
 rascal = stableHost ./rascal.nix { };
+
+ generic-headless = stableHost ./generic-headless.nix { };
+ generic = stableHost ./generic.nix { };
 # arm-dragon = host ./dragon.nix { system = "aarch64-linux"; };
 }
diff --git a/packages/hosts/generic-headless.nix b/packages/hosts/generic-headless.nix
new file mode 100644
index 0000000..33bdcc5
--- /dev/null
+++ b/packages/hosts/generic-headless.nix
@@ -0,0 +1,60 @@
+{
+ hardware,
+ config,
+ ...
+}:
+{
+ system.stateVersion = "24.05";
+ networking.hostName = "lyte-generic-headless";
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "ehci_pci"
+ "usbhid"
+ "uas"
+ "sd_mod"
+ ];
+
+ imports = with hardware; [
+ common-cpu-amd
+ common-pc-ssd
+ ];
+
+ users.groups.beefcake = { };
+ users.users = {
+ beefcake = {
+ isSystemUser = true;
+ createHome = true;
+ home = "/storage/backups/beefcake";
+ group = "beefcake";
+ extraGroups = [ "sftponly" ];
+ openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys ++ [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
+ ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group sftponly
+ ChrootDirectory /storage/backups/%u
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ '';
+
+ networking = {
+ wifi.enable = true;
+ firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [ 22 ];
+ };
+ };
+
+ services.tailscale.useRoutingFeatures = "server";
+
+ home-manager.users.daniel = {
+ lyte.shell.enable = true;
+ };
+}
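Review bot: In generic-headless.nix, `ChrootDirectory /storage/backups/%u` resolves for this account to the same path as `home = "/storage/backups/beefcake"`, which `createHome = true` creates for the account itself. sshd requires the chroot directory and every parent component to be root-owned and not writable by group or others, so unless ownership is corrected elsewhere the sftp login will likely be refused with a bad-ownership error. A root-owned chroot with a user-writable subdirectory avoids this, e.g. `createHome = false;` plus `systemd.tmpfiles.rules = [ "d /storage/backups/beefcake 0755 root root -" "d /storage/backups/beefcake/data 0700 beefcake beefcake -" ];`. The Match block turns off only TCP forwarding; adding `X11Forwarding no` and `AllowAgentForwarding no` would make the restriction explicit. The `sftponly` group is referenced in `extraGroups` but not declared in the visible diff, so confirm that it is defined for this host, and that a generic host should accept every key in `config.users.users.daniel.openssh.authorizedKeys.keys` for the backup account.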