From fb74188d21b3985496a20c62dde8475b3d67f39f Mon Sep 17 00:00:00 2001
From: Victor Mignot
Date: Sun, 12 Nov 2023 00:40:26 +0100
Subject: [PATCH] Add camelot initial config
---
 configurations/camelot/default.nix | 39 ++++++++++++++++++++++++++++++
 machines.nix | 8 ++++++
 modules/server/default.nix | 8 +++---
 modules/server/network.nix | 28 +++++++++++++++++++++
 4 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 configurations/camelot/default.nix
 create mode 100644 modules/server/network.nix
diff --git a/configurations/camelot/default.nix b/configurations/camelot/default.nix
new file mode 100644
index 0000000..26d865a
--- /dev/null
+++ b/configurations/camelot/default.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, lib, ... }:
+{
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ filesystems = [
+ {
+ mountpoint = "/";
+ deviceUUID = "966d0ec0-7a7b-4987-91cf-6493e9f5126c";
+ fsType = "ext4";
+ }
+ {
+ mountpoint = "/boot";
+ deviceUUID = "901B-0D68";
+ fsType = "vfat";
+ }
+ ];
+
+ swapDeviceUUID = "a7c628ab-c5cb-4094-89d0-19b153fbead4";
+
+ server.networking.enableSSH = true;
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ ];
+
+ machineUsers = {
+ dala = {
+ description = "Dala";
+ groups = [ "wheel" ];
+ uid = 1000;
+ shell = pkgs.bash;
+ };
+ };
+}
diff --git a/machines.nix b/machines.nix
index f63e013..e533567 100644
--- a/machines.nix
+++ b/machines.nix
@@ -6,4 +6,12 @@
 enableHomeManager = true;
 stateVersion = "23.11";
 };
+
+ camelot = {
+ machineType = "server";
+ nixpkgsUnstable = false;
+ system = "x86_64-linux";
+ enableHomeManager = false;
+ stateVersion = "23.11";
+ };
 }
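Review bot: The `machineUsers.dala` entry in configurations/camelot/default.nix puts the account in `wheel` on a host with `server.networking.enableSSH = true`, but nothing in the file shows how that account authenticates over SSH. `machineUsers` is defined outside this patch, so it may already provision keys; if it does not, declare them next to the user, for example `users.users.dala.openssh.authorizedKeys.keys = [ "<dala-public-key>" ];` (placeholder key), so a privileged remote login never depends on a password. The `enableSSH = true` line also repeats the option's default from modules/server/network.nix; a short comment such as `# explicit: this host must stay reachable over SSH` would show it is intentional.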
diff --git a/modules/server/default.nix b/modules/server/default.nix
index f1a624c..fff6d3c 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -1,3 +1,5 @@
-{ lib, config, ... }:
-with lib;
-{ }
+{
+ imports = [
+ ./network.nix
+ ];
+}
diff --git a/modules/server/network.nix b/modules/server/network.nix
new file mode 100644
index 0000000..437e84c
--- /dev/null
+++ b/modules/server/network.nix
@@ -0,0 +1,28 @@
+{ lib, config, ... }:
+with lib;
+{
+ options.server.networking.enableSSH = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ };
+
+ options.server.networking.enableNginx = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ };
+
+ config = {
+ services.openssh = mkIf config.server.networking.enableSSH {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ (mkIf config.services.nginx.enable 80)
+ (mkIf config.services.nginx.enable 443)
+ (mkIf config.server.networking.enableSSH 22)
+ ];
+ };
+}
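Review bot: In modules/server/network.nix the `enableNginx` option is declared but never read: the firewall entries for 80 and 443 test `config.services.nginx.enable`, so setting `server.networking.enableNginx = false` changes nothing, and its `default = true` implies a service this module never turns on. Either drop the option or wire it in, for example `(mkIf config.server.networking.enableNginx 80)` together with a matching `services.nginx.enable` assignment. The `services.openssh` block sets only `PermitRootLogin = "no"`; since port 22 is opened, adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` would restrict logins to keys. Both options also lack a `description`.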