Add machine boop

machines/boop/README.md

@@ -0,0 +1,3 @@
+# `xn--vp9h` (pronounced 🤓)
+
+another server for applications and compute and stuff

machines/boop/boot.nix

@@ -0,0 +1,31 @@
+inputs:
+{ config, lib, ... }:
+with lib; {
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+
+    grub = {
+      enable = true;
+      devices = [ "nodev" ];
+      efiSupport = true;
+      useOSProber = true;
+      # splashImage = ./nerd-emoji.jpg;
+    };
+  };
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # because we want to be able to decrypt host keys over SSH
+  boot.initrd.network.ssh = {
+    enable = true;
+    authorizedKeys = inputs.self.lib.sshKeyDatabase.users.astrid;
+  };
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode =
+    mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/boop/configuration.nix

@@ -0,0 +1,47 @@
+inputs:
+{ config, pkgs, lib, modulesPath, ... }:
+with lib; {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+
+    inputs.self.nixosModules.server
+
+    (import ./boot.nix inputs)
+    ./fs.nix
+    ./net.nix
+  ];
+
+  # Logrotate config build fail workaround
+  # https://discourse.nixos.org/t/logrotate-config-fails-due-to-missing-group-30000/28501
+  services.logrotate.checkConfig = false;
+
+  astral = {
+    users.alia.enable = true;
+    virt = {
+      docker.enable = true;
+      libvirt.enable = true;
+    };
+    monitoring-node.scrapeTransport = "tailscale";
+    tailscale.enable = mkForce false;
+
+    backup.db.enable = false;
+  };
+
+  time.timeZone = "US/Pacific";
+
+  networking = {
+    hostName = "boop";
+    domain = "h.astrid.tech";
+
+    hostId = "49e32584"; # Required for ZFS
+  };
+
+  services.nginx = {
+    enable = true;
+
+    clientMaxBodySize = "16m";
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+  };
+}

machines/boop/fs.nix

@@ -0,0 +1,40 @@
+{
+  boot.zfs.forceImportAll = true;
+
+  fileSystems."/" = {
+    device = "rootfs";
+    fsType = "tmpfs";
+  };
+
+  fileSystems."/tmp" = {
+    device = "rpool/enc/tmp";
+    fsType = "zfs";
+  };
+
+  fileSystems."/nix" = {
+    device = "rpool/nix";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var" = {
+    device = "rpool/enc/var";
+    fsType = "zfs";
+  };
+
+  fileSystems."/etc" = {
+    device = "rpool/enc/etc";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home" = {
+    device = "rpool/enc/home";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D30E-26C7";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ ];
+}

machines/boop/machine-info.nix

@@ -0,0 +1 @@
+{ arch = "x86_64-linux"; }

machines/boop/net.nix

@@ -0,0 +1,4 @@
+{
+  networking.useDHCP = false;
+  networking.interfaces.eno1.useDHCP = true;
+}

nix/nixos-modules/roles/server.nix

@@ -1,6 +1,7 @@
 # Some headless server that likely runs 24/7
 inputs:
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, ... }:
+with lib; {
   # Auto-optimize/GC store on a much more frequent basis than the PC's.
   nix.gc = lib.mkForce {
     automatic = true;
@@ -29,7 +30,7 @@ inputs:
     monitoring-node.enable = true;
     mount-root-to-home.enable = true;
 
-    tailscale.enable = true;
+    tailscale.enable = mkDefault true;
 
     users = {
       github.enable = true;