From de4c297252f938de2e94a134b6899d77c212e649 Mon Sep 17 00:00:00 2001 From: William P Date: Sun, 22 Feb 2026 20:22:28 -0500 Subject: [PATCH] initial commit --- .gitignore | 1 + common/core.nix | 9 ++++++ common/networking.nix | 19 +++++++++++ disko/uefi-nosecure.nix | 40 +++++++++++++++++++++++ flake.lock | 49 +++++++++++++++++++++++++++++ flake.nix | 70 +++++++++++++++++++++++++++++++++++++++++ users/users.nix | 5 +++ users/williamp.nix | 9 ++++++ 8 files changed, 202 insertions(+) create mode 100644 .gitignore create mode 100644 common/core.nix create mode 100644 common/networking.nix create mode 100644 disko/uefi-nosecure.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 users/users.nix create mode 100644 users/williamp.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e2f5dd2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
\ No newline at end of file
diff --git a/common/core.nix b/common/core.nix
new file mode 100644
index 0000000..d8385d0
--- /dev/null
+++ b/common/core.nix
@@ -0,0 +1,9 @@
+{
+ imports = [
+ ./networking.nix
+ ];
+ nixpkgs.config.allowUnfree = true;
+ programs.nix-ld.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+ system.stateVersion = "25.11";
+}
\ No newline at end of file
diff --git a/common/networking.nix b/common/networking.nix
new file mode 100644
index 0000000..bb3c82c
--- /dev/null
+++ b/common/networking.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+ networking = {
+ hostName = config.my.hostname;
+ networkmanager = {
+ enable = true;
+ };
+ hosts = {
+ "10.105.6.201" = ["weyma-omni.infra.dubyatp.xyz"];
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ };
+ };
+}
\ No newline at end of file
diff --git a/disko/uefi-nosecure.nix b/disko/uefi-nosecure.nix
new file mode 100644
index 0000000..1c3b118
--- /dev/null
+++ b/disko/uefi-nosecure.nix
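Review bot: `security.sudo.wheelNeedsPassword = false;` in common/core.nix makes every member of `wheel` root-equivalent with no re-authentication, and users/williamp.nix in this same commit puts `williamp` in `wheel` with an SSH key as its only credential. Whoever holds that key, or any process running as that user, therefore gets root without a second step. If passwordless sudo is only needed for remote deployment, consider keeping the default and granting NOPASSWD for the specific commands through `security.sudo.extraRules`. Otherwise record the trade-off next to the setting, e.g. `# passwordless sudo: wheel is root-equivalent, the SSH key is the sole factor`.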
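Review bot: The `services.openssh.settings` block in common/networking.nix sets only `PermitRootLogin = "no";` and leaves password and keyboard-interactive authentication at the module defaults. The one account defined in this commit logs in by key, so the configuration should say so explicitly: add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` inside `settings`. That way an account that is later given a password does not become reachable to password guessing over SSH.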
@@ -0,0 +1,40 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ swap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ resumeDevice = true;
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a13f9c7
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,49 @@
+{
+ "nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1768920986,
+ "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "de5708739256238fb912c62f03988815db89ec9a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "v1.13.0",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1771574726,
+ "narHash": "sha256-D1PA3xQv/s4W3lnR9yJFSld8UOLr0a/cBWMQMXS+1Qg=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "c217913993d6c6f6805c3b1a3bda5e639adfde6d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-25.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "disko": "disko",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b47c434
--- /dev/null
+++ b/flake.nix
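Review bot: The layout in disko/uefi-nosecure.nix has no encryption layer: `root` is plain ext4 and `swap` is a plain partition marked `resumeDevice = true`. A hibernation image written to that swap holds memory contents, including any keys or tokens in RAM, and both it and the root filesystem are readable by anyone who can read the backing disk image or a snapshot of it. If that is an accepted risk for this VM, state it in a comment at the top of the file, e.g. `# No encryption at rest: confidentiality relies on access control to the hypervisor storage`. Otherwise consider placing root and swap inside a `luks` content type. The file name suggests Secure Boot is also off, which is worth noting in the same comment.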
@@ -0,0 +1,70 @@
+{
+ description = "Black Start essential infrastructure for cloud operations";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+
+ disko = {
+ url = "github:nix-community/disko/v1.13.0";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, disko }:
+ {
+ nixosConfigurations = {
+ weyma-bs = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ { disko.devices.disk.main.device = "/dev/vda"; }
+ ./common/core.nix
+ ./disko/uefi-nosecure.nix
+ ./users/users.nix
+ {
+ config.boot = {
+ loader = {
+ systemd-boot = {
+ enable = true;
+ };
+
+ efi = {
+ canTouchEfiVariables = false;
+ };
+ timeout = 5;
+ };
+ initrd = {
+ verbose = false;
+ systemd.enable = true;
+ };
+ };
+ config.fileSystems = {
+ "/" = {
+ options = ["noatime" "nodiratime" "discard"];
+ };
+ };
+ options.my.hostname = nixpkgs.lib.mkOption {
+ type = nixpkgs.lib.types.str;
+ default = "weyma-bs";
+ description = "Machine hostname";
+ };
+ }
+ ({config, lib, pkgs, modulesPath, ...}: {
+ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ swapDevices = [ ];
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ })
+ ];
+ specialArgs = {
+ inputs = {
+ inherit self nixpkgs disko;
+ };
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/users/users.nix b/users/users.nix
new file mode 100644
index 0000000..c335b63
--- /dev/null
+++ b/users/users.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./williamp.nix
+ ];
+}
\ No newline at end of file
diff --git a/users/williamp.nix b/users/williamp.nix
new file mode 100644
index 0000000..87578c3
--- /dev/null
+++ b/users/williamp.nix
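Review bot: The `systemd-boot` block in flake.nix sets only `enable = true;` and keeps a 5-second menu, so the boot entry editor stays at its NixOS default, which is enabled. With the editor available, anyone who can reach the VM console during boot can change the kernel command line and get a root shell without authenticating. This bypasses the SSH and sudo settings elsewhere in this commit. Add `editor = false;` next to `enable = true;` in that block. The disks are also unencrypted, so console and hypervisor access should be treated as root-equivalent and restricted accordingly.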
@@ -0,0 +1,9 @@
+{
+ users.users.williamp = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID5lZ0/JJyLLwSrFfSs+DF/v0EkV2i/SVDf18+/K5NDV me@williamtpeebles.com"
+ ];
+ extraGroups = ["wheel"];
+ };
+}
\ No newline at end of file